Businesses finally see ROI for IT security

IT security is increasingly being regarded as an integral part of business operations, a survey has revealed

IT security is increasingly being regarded as an integral part of business operations, a survey has revealed.

Some 44% of organisations view investment in IT and systems security as an essential business practice that can deliver return on investment (ROI), according to the survey.

More than 100 IT professionals who use SAP software and are involved in security and control activities were polled by Turnkey Consulting, a specialist GRC and IT security company.

Almost two-thirds of organisations regard IT security as the responsibility of everyone within the enterprise, not just the IT department, the survey found.

Some 38% of respondents said their organisations see investment in IT and systems security as an "insurance policy" to protect company assets.  

Marking a shift from the past, 72% of organisations ranked security as one of the top three considerations when implementing a significant IT project.

The survey also investigated organisations’ perceptions of the risk they face, as well as the effects of fraud and data loss when they occur. 

Read more on security investment

The results show that 44% of the respondents believe their organisation faces more risk than it did a year ago, while 32% think this risk has stayed the same.

Almost a third said they had experienced fraud incidents in the past year, but just over a third had not. The remainder said they did not know.

Some 16% of respondents said that they had experienced a data loss in the past 12 months that had affected their business operations.

The survey revealed that insider fraud is an issue that cannot be ignored, with 36% of the organisations that have experienced a fraud incident saying it was carried out internally.

“Organisations are recognising that, rather than being an essential but unwanted overhead, investing in IT security can have a positive impact on business operations and ROI,” said Richard Hunt, managing director of Turnkey Consulting. 

“As a result, it is being given a place on the boardroom agenda, rather than being regarded as the sole domain of the IT department. 

“Closely related to this trend is the increased awareness we are seeing among organisations about the risk they face and the implications this raises,” he said.

Image: Thinkstock


Read more on IT risk management