The role of IT security is still not well-understood by business, according to a new survey by Turnkey Consulting.
The survey asked IT professionals about their organization’s position with regard to investment in IT and systems security and responses revealed that:
- 17.5% believe it is perceived as an unnecessary expense only undertaken to keep auditors happy, up from 12.2% in 2012.
- 37.5% say it is seen essential business practice that can deliver ROI, but this was down from 43.9% in 2012.
This is despite over two thirds (71.8%) of respondents saying that the IT security risks their organizations face from external sources has increased. In addition:
- 38.2% of respondents had experienced a fraud incident in 2013, up from 31.3% in 2012.
- In the past year, 30% had experienced a data loss that affected business operations, up from 17.1% in 2012.
Research also indicated that there is on ongoing reluctance to regard IT security as a business issue:
- 57.5% of respondents believed their organization saw it as everyone’s responsibility, down from 64.6% in 2012.
- 40% of respondents reported that their organization regarded IT and systems security as the sole responsibility of IT, up from 28% in 2012.
However, 55% of respondents said they used some automated controls, designed to prevent or detect exceptions in a business process, and planned to increase the number. This figure was up from 50% in 2012.
“It is concerning to see that IT security is still not perceived as an integral part of the business,” says Richard Hunt, managing director of Turnkey Consulting. “Corporate SAP systems are accessed from an increasing number of touchpoints, both inside and outside the organization as employees adopt mobile working, and enterprises look to enhance third party relationships with suppliers and customers. This streamlines business processes, but it increases the risk to the enterprise. To tackle this, an end-to-end approach to security is required to fully secure the organization’s systems and data.”