How tech pros perceive the evolving state of risk in the business environment

SolarWinds released a report which examines how technology professionals perceive their organizations’ risk management and mitigation readiness after a year of rapid transformation fueled by the global pandemic.

The study analyzes the state of risk within the IT industry today and provides guidance on workplace strategy, tool sets, preparedness, and leadership for companies as they work to construct an organization built to withstand risk.

Over the past year, tech pros were tasked with enabling a distributed global workforce and managing the adoption of public cloud services, as organizations quickly pivoted to implement a range of technologies to keep their businesses up and running during the pandemic. Against this backdrop, nearly every industry was confronted with the acceleration of high-level cybersecurity breaches, which highlighted the potential risk of incomplete security policies and procedures across the industry.

Exposure to enterprise IT risk is common across organizations

This unprecedented upheaval has served as a critical catalyst for a broader exploration of organizations’ exposure to enterprise IT risk of all kinds—including risk introduced by the implications of remote, distributed work—and the degree to which organizations are prepared to manage, mitigate, and prevent risk in the future.

The findings of the report uncover a reality in which exposure to enterprise IT risk is common across organizations but perceptions of apathy and complacency surrounding risk preparedness are high as businesses exit a year of pandemic-driven “crisis mode.”

Tech pros have outlined key areas of technology investment and upskilling to prioritize cloud computing, network infrastructure solutions, and security/compliance—demonstrating an inherent awareness that falling behind is potentially the greatest risk of all.

This year’s study reveals the immense opportunity ahead for tech pros and IT leadership to align and collaborate on priorities and policies to best position not only individual organizations but the industry at large to succeed with a future built for risk preparedness.

“Technology professionals today are under even greater pressure to ensure optimized, secure performance for remote workforces while facing limited time and resources for personnel training. When it comes to risk management and mitigation, prioritizing intentional investments in technology solutions that meet business needs is critical,” said Sudhakar Ramakrishna, President and CEO, SolarWinds.

“More than ever before, tech pros must partner closely with business leaders to ensure they have the resources and headcount necessary to proactively address security risks. And more importantly, tech pros should constantly assess their risk management, mitigation, and protocols to avoid falling into complacency and being ‘blind’ to risk.”

The report explores how tech pros perceive the state of risk in today’s business environment, and how the global pandemic impacted technology investments across IT teams.

Leading macro trends influencing enterprise IT risk today

Security threats associated with external breaches and the internal impact of COVID-19 IT policies emerged as the leading macro trends influencing enterprise IT risk today.

46% of overall tech pros surveyed state their organizations have had medium exposure to enterprise IT risk over the past 12 months.The level of perceived risk exposure differs by the size of the organization. A sense of high or extremely high-risk exposure is perceived more acutely by tech pros at enterprise organizations (19%) as compared to their small business (11%) and mid-size (7%) counterparts.

Security breaches are perceived to be the biggest external factor influencing an organization’s exposure to risk, with 76% of tech pros surveyed citing external security threats like cyberattacks as the top macro trend influencing their organization’s risk exposure.

However, COVID-19 also had a critical impact on organizations’ risk exposure, with tech pros flagging these top associated risk-inducing factors (by weighted rank):

• Remote work policies (70%)
• Growth of data as a result of work-from-home (WFH) needs (51%)
• Distributed workforce/employee relocation (50%)

Likewise, 58% of tech pros surveyed said the accelerated shift to remote working was the number-one aspect within current IT environments considered to increase an organization’s risk exposure, followed closely by unknown human factors such as employee security burnout (due to constant MFA exposure, changing passwords, and other security best practices) (56%).

75% of respondents say security and compliance ranked in the top three technologies most critical to managing/mitigating risk within their organizations, followed by network infrastructure (44%) and ITSM and/or ITAM solutions (28%).

Although external security threats are the primary risk factor, internal vulnerabilities as a result of remote/distributed environments and employee cybersecurity hygiene (or lack thereof) cannot be overlooked in today’s work landscape.

Tech pros confident in their risk management and mitigation preparedness strategies

Tech pros are confident in their risk management and mitigation preparedness strategies although enterprise IT risk exists within their organizations.

73% of tech pros surveyed “agree” or “strongly agree” their IT organization is prepared to manage, mitigate, and resolve risk factor-related issues due to the policies and/or procedures they already have in place. This finding is echoed by organizations’ careful approach to technology adoption and implementations in response to shifting demands of COVID-19 distributed work environments: despite the accelerated timeline, nearly 40% of respondents said standard risk management protocols were followed.

That said, as detailed in a recent McKinsey report, tech pros and their IT organizations will need to be careful to avoid complacency in today’s ever-evolving risk landscape and be sure to refresh and strengthen their approach to risk management for the future.

Tech pros prioritizing investments in security

Tech pros are prioritizing investments in security and compliance, network infrastructure, and cloud computing as core technologies that can help manage risk, but implementation is hampered by dwindling resources and access to personnel training.

More than 80% of tech pros surveyed “agreed” or “strongly agreed” technology is the best way for organizations to manage, mitigate, and resolve issues related to risk.

IT teams prioritized investment in security and compliance (54%) and network infrastructure (52%), followed by cloud computing (35%) to accommodate the unprecedented demands of COVID-19 and the shift to remote work.

However, despite the understanding that technology can play a critical role in enterprise IT risk management, barriers to its adoption and implementation exist. The top three reported challenges when it comes to using technology to mitigate and/or manage risk within organizations are:

• Lack of budget/resources (57%)
• Lack of training for personnel (48%)
• Decreased staff size (36%)

Interestingly, challenges for enterprise organizations differ with 44% of enterprise respondents citing unclear or shifting priorities as their biggest barrier to using technology to mitigate/manage risk.

Implementation is further hampered by 45% of tech pros admitting that while some of their monitoring/management tools are integrated to enhance visibility across their IT environment(s)—whether on-premises, cloud-based or hybrid—other tools are still siloed.

Tech pros are overcoming these barriers by:

• Prioritizing the introduction of new technologies to the environment (such as multi-factor authentication and/or additional/new monitoring) (54%)
• Developing policies and processes (50%)

Tech pros and senior leaders’ collaboration

Tech pros are capitalizing on an opportunity to foster greater alignment and collaboration with senior leaders to best position their organizations to manage and mitigate risks in the future.

61% of respondents are confident or extremely confident their IT organization will continue to invest in risk management/mitigation technologies over the next three years.

62% perceive their organization’s senior leaders or decision-makers to have a heightened awareness of risk exposure, believing it’s not “if” but “when” they will be impacted by a risk factor.

But while 36% believe their organization is prepared to mitigate and manage risk, 26% said their senior leaders have difficulty convincing other leaders of this reality, ultimately limiting resources to address risk. This reinforces how 48% of tech pros surveyed state their IT organizations are improving alignment between IT business goals and corporate leadership in response to other tech adoption barriers like a lack of skilled IT staff triggered by cost- cutting, consolidation, or outdated skillsets, and a lack of available IT management tools.