- Date published:
- Author:Brian Wood
IT Security is a big deal for many AIS clients — and the survey results described below help illustrate why that is so.
The post is from Jim Kim of FierceComplianceIT and covers an article originally penned by Warwick Ashford in ComputerWeekly.com.
Emphasis in red added by me.
Brian Wood, VP Marketing
IT security risk still growing
There was a day when executives tended to discount the value of IT security, but that has changed dramatically in recent years, as big companies become humbled by attacks on their networks.
The risks these days are readily apparent, especially in the financial services industry, which has been under near constant DDoS attacks for months. A recent survey by Turnkey Consulting, as noted by ComputerWeekly.com, found that the perception of risk is continuing to grow.
About 44 percent of the executives believe their organization faces more risk than it did a year ago, while 32 percent think this risk is the same. Almost a third said they had experienced fraud incidents in the past year, but just over a third had not. The remainder said they did not know. The survey also found that IT pros regard insider fraud as a huge issue.
Perhaps the biggest change is that there is now a consensus that security is an issue that extends beyond the IT guys. It’s a sign of progress that both IT and non-IT professionals see it that way. All in all, it would be nice to see more rigorous work on the specific returns on IT security investments. Given the costs of breaches, it may be hitting sky-high levels, which is great for security vendors.
Businesses finally see ROI for IT security
IT security is increasingly being regarded as an integral part of business operations, a survey has revealed.
Some 44% of organisations view investment in IT and systems security as an essential business practice that can deliver return on investment (ROI), according to the survey.
More than 100 IT professionals who use SAP software and are involved in security and control activities were polled by Turnkey Consulting, a specialist GRC and IT security company.
Almost two-thirds of organisations regard IT security as the responsibility of everyone within the enterprise, not just the IT department, the survey found.
Some 38% of respondents said their organisations see investment in IT and systems security as an “insurance policy” to protect company assets.
Marking a shift from the past, 72% of organisations ranked security as one of the top three considerations when implementing a significant IT project.
The survey also investigated organisations’ perceptions of the risk they face, as well as the effects of fraud and data loss when they occur.
The results show that 44% of the respondents believe their organisation faces more risk than it did a year ago, while 32% think this risk has stayed the same.
Almost a third said they had experienced fraud incidents in the past year, but just over a third had not. The remainder said they did not know.
Some 16% of respondents said that they had experienced a data loss in the past 12 months that had affected their business operations.
The survey revealed that insider fraud is an issue that cannot be ignored, with 36% of the organisations that have experienced a fraud incident saying it was carried out internally.
“Organisations are recognising that, rather than being an essential but unwanted overhead, investing in IT security can have a positive impact on business operations and ROI,” said Richard Hunt, managing director of Turnkey Consulting.
“As a result, it is being given a place on the boardroom agenda, rather than being regarded as the sole domain of the IT department.
“Closely related to this trend is the increased awareness we are seeing among organisations about the risk they face and the implications this raises,” he said.