You are here  IT Management Risk Management

IT security fears are stifling business innovation at 80% of firms worldwide, says IDC

Antony Savvas
Friday 03 October 2008 03:40

IT security fears are stifling business innovation at 80% of firms worldwide, says research from analyst IDC.

The global weighted estimate of fear is based on interviews with nearly 200 top business executives and security professionals at large firms, mainly based in the US.

The research was conducted on behalf of security firm RSA, which says it reveals "a growing chasm between security and innovation".

"The inextricable link between security and innovation is clear, but organisations are still really struggling with how to strike the right balance between driving new innovations to market and instituting effective IT security practices," said RSA president Art Coviello.

"Security has long been a global business issue and this research tells us it is a top priority for today's senior management teams. There has never been a better time for companies to make the cultural, philosophical and technological shifts required to better align their security and business innovation strategies," says Coviello.

The IDC research showed that 80% of those surveyed admitted that their organisations had backed away from new innovation opportunities because of information security concerns.

IDC also found that although 80% of CEOs believe their security teams are being held formally accountable for their contributions to business growth and innovation only 44% of security leaders believe they are being measured on their contributions to innovation.

This finding "points to a surprising lack of alignment between the expectations of C-level management and the priorities of security professionals", said RSA.

And whilst the need to link IT security strategies directly to business goals is a widely-recognised imperative, only 21% of respondents believed their organisations have successfully made the transition to an approach that is proactive and business-aligned, and which enables rather than impedes innovation.

Chris Christiansen, an analyst at IDC, said, "It is evident that in spite of some good progress, the relationship between innovation and security is still very strained. The reality is that innovation and security do not need to be competing priorities, they are in fact complementary.

"In the end, we believe organisations that demand early IT involvement in business innovation efforts, and lay out explicit business innovation metrics for their security teams, have a much better chance of advancing their overall organisational goals."