Three in five firms (60%) expect at least one major IT incident per year that could halt or disrupt a critical part of their business.
The statistic is revealed in Symantec’s IT Risk Management Report, which aims to help executives and IT operational personnel understand the critical elements involved in an effective IT risk management strategy.
Symantec collected information from more than 500 respondents, from IT managers to top IT executives, in organisations with worldwide operations.
The report indicated that the majority of respondents expect to be impacted by some type of security or compliance incident in the next one to five years.
Specifically, 66% of respondents expect a major regulatory incident at least once every five years.
Additionally, 58% expect a major data loss caused by events such as a datacentre outage, corruption of data or breach of security systems, at least once every five years.
Symantec said effective IT risk management requires a strong combination of expertise and investment in process controls and technology controls.
The most effective IT risk management programs use defined controls that combine well-chosen technologies and best-practice processes, said Symantec.
Most respondents in the report said their organisations' capabilities with technology controls are more effective than with process controls.
The report revealed a specific process control problem in identifying, classifying and managing IT assets.
Only 38% of respondents rated themselves more than 75% effective in implementing asset inventory, classification, and management process controls.
Without careful risk assessment, all assets are likely to be treated equally, so some may be over-protected and others under-protected.
The report also revealed a noticeable difference in the way IT executives and IT directors viewed their organisations’ IT risk exposure, particularly around perceived risk related to both business process and compliance risk.
For example, 8% of IT executives rated business process risk as critical to their IT operations compared to 22% of IT directors. In addition, 23% of IT executives rated compliance risk as critical to their IT operations compared to 16% of IT directors.