
The state of IT risk management

Written by Dan Farber

Symantec issued its second annual report on IT risk management. Key findings from "IT Risk Management Report" that surveyed 405 IT professionals include:

  • IT professionals are adopting a more balanced, less security-centric view of IT risk—more of them now see availability risk as critical or serious than any other element.
  • Compliance risk is more than security risk formalized by law: data breaches, outages and disasters may cause irrecoverable losses of customer loyalty, revenue, and company value.
  • Reactive or annual project-oriented IT risk management is better than nothing. But IT professionals’ expectations of monthly incidents in a constantly-changing global and regional business and technology environment call for a continuous, process-oriented approach.
  • Best-in-class organizations deploy controls balanced across strategic, support, delivery, and security categories, positioning themselves to correct the missing or faulty processes that cause most incidents.
  • Over the past year, survey participants saw no improvement in asset inventory classification and management controls, and a decline in data lifecycle management.
  • IT risk management builds on operational risk management and manufacturing quality disciplines, spurred on by Sarbanes-Oxley and other regulations affecting corporate governance, and supported by its own emerging frameworks, standards, and best practices.

The report also took the pulse of those surveyed regarding how they view their exposure to high-impact events:

  • 66 percent of participants expect a regulatory non-compliance event at least once every five years
  • 59 percent expect a major loss-of-information event at least once every five years
  • 63 percent expect a major IT failure at least once a year
  • 69 percent expect a minor IT failure at least ten times a year

The report offers the usual recommendations to lessen risk, such as putting one person in charge, using an event as a catalyst for change, performing initial risk assessments, and starting dialogs at the executive and board level.

One of the findings that stood out is the root cause of incidents that increase risk to the business. A lack of process frameworks, environmental issues, and staffing lapses accounted for the largest percentage of incidents among those surveyed. Those three areas would be the right places to start directed efforts to reduce risk profiles.
