Almost two-thirds (60%) of firms expect at least one
major IT incident per year that could halt or disrupt a critical
part of their business.
The statistic is revealed in Symantec’s IT Risk Management Report, which
aims to help executives and IT operational personnel understand the
critical elements involved in an effective IT
risk management strategy.
Symantec collected information from more than 500 respondents,
from IT managers to top IT executives, in organisations with
worldwide operations.
The report indicated that the majority of respondents expect to
be impacted by some type of security or compliance incident in the
next one to five years.
Specifically, 66% of respondents expect a major regulatory
incident at least once every five years.
Additionally, 58% expect a major data loss caused by events such
as a datacentre outage, corruption of data or breach of security
systems, at least once every five years.
Symantec said effective IT risk management requires a strong
combination of expertise and investment in process controls and
technology controls.
The most effective IT risk management programs use defined
controls that combine well-chosen technologies and best-practice
processes, said Symantec.
Most respondents in the report said their organisations'
capabilities with technology controls are more effective than with
process controls.
The report revealed a specific process control problem in
identifying, classifying and managing IT assets.
Only 38% of respondents rated themselves more than 75% effective
in implementing asset inventory, classification, and management
process controls.
Without careful risk assessment, all assets are likely to be
treated equally, so that some may be over-protected and others
under-protected.
The report also revealed a noticeable difference in the way IT
executives and IT directors viewed their organisations’ IT risk
exposure, particularly around perceived risk related to both
business process and compliance risk.
For example, 8% of IT executives rated business process risk as
critical to their IT operations compared to 22% of IT directors. In
addition, 23% of IT executives rated compliance risk as critical to
their IT operations compared to 16% of IT directors.