Security risks overwhelming IT departments

System failures and hacking hitting the balance sheet, says EIU survey

Almost two-thirds of companies have suffered "significant" financial damage as a result of IT systems failures in the last year, according to research by the Economist Intelligence Unit (EIU).

The Digital Risk survey of 218 senior risk managers found 60 per cent have incurred losses due to systems failure, while a third suffered financial damage as a result of hacking and phishing attacks.

More than half (55 per cent) said the biggest challenge companies face in tackling IT risks is the growing sophistication of hackers and cyber criminals, and slightly less than half (48 per cent) said IT and security problems pose a high risk to their business operations.

Responsibility for IT risk lies primarily with the CIO in most organisations but it is coming under increasing scrutiny from other executives such as the emerging position of chief risk officer (CRO). Nearly half of respondents said one of the main difficulties in managing risk is over-reliance on IT management to control digital risks.

Remote working is also a worry for businesses with 57 per cent of the executives saying the trend significantly increases their firm's exposure to electronic threats.

Daniel Franklin, editorial director at the EIU, said IT risk is now too big an area to be handled by the CIO and IT department alone.

"Digital risk has become too big an issue to leave exclusively to IT managers," he said in the report. "Risk managers need to ensure IT threats are addressed as part of their wider strategy for enterprise risk management."

The EIU report was sponsored by ACE, Cisco Systems, Deutsche Bank, IBM and KPMG, and 40 per cent of respondents were from the financial services sector.