IT risk is too important to leave to CIOs alone, according to a survey from the Economist Intelligence Unit (EIU).
CIOs must share responsibility for IT risk with chief risk officers to combat the growing sophistication and financial consequences of IT attacks. But confusion over responsibilities and poor communication are undermining this relationship.
Some 42% of the 218 senior risk managers interviewed by the EIU said poor communication between the IT and risk departments affected how they dealt with technology risks. Two-thirds rated their understanding of IT risk as moderate, limited or poor.
“Digital risk has become too big an issue to leave exclusively to IT managers. Risk managers need to ensure IT threats are addressed as part of their wider strategy for enterprise risk management,” says EIU editorial director, Daniel Franklin.
In most companies CIOs hold key responsibility for IT risk, but a third of risk officers spend at least 15% of their time on technology risks. Almost half those questioned said that an over-reliance on IT managers to combat IT risk causes major problems.