Australian organizations are not effectively managing IT risks

The Australian chapters of ISACA highlighted the potential for security breaches and major technology disasters at leading Australian organizations, with 60% of IT professionals stating they do not believe all IT-related risks are being effectively managed.

Furthermore, 64% of IT professionals believe the risk culture at their organization is only moderately effective or not effective at all.

“We are deeply concerned by the lack of importance being placed on managing IT risks. From these results, it is clear that Australian organizations aren’t adequately prepared,” said Paras Shah, founder and principal consultant at Vital Interacts.

Key findings show:

• 71% of respondents think Australian business teams lack awareness that IT risk management is important to attain business process goals and targets.
• 89% believe that IT risk management activities are generally perceived by business stakeholders as a compliance burden, whether external or internal.
• 23% identified a “major IT-related failure event” as one of the main drivers for their organization to manage IT risks.
• 26% indicated their IT risk management programs focused too much on IT security risks, rather than considering all IT-related risks.

The majority of survey participants came from the sectors of banking and finance services (35%), energy and utilities (11%), government and defense (11%) and manufacturing and industrials (8%) in organizations located across Australia, and included senior IT and risk management professionals.