Symantec has released the Symantec IT Risk Management Report, highlighting that 60 percent of respondents expect at least one major IT incident per year that could halt or disrupt a critical part of the business. The Symantec IT Risk Management Report, a new report aimed at helping executives and IT operational personnel understand the critical elements involved in an effective IT risk management strategy, is based on input from quantitative and qualitative survey research conducted over a twelve month period ending October 2006. Symantec collected information from more than 500 respondents from IT managers to top IT executives in organisations with worldwide operations, in a wide representation of industry segments, the security firm said.
“The ING Renault F1 Team's IT infrastructure is critical to our relationships with customers and partners and therefore, we are committed to managing IT risk as part of our larger business strategy,” said Graeme Hackland, IT manager, ING Renault FI Team.
The Symantec IT Risk Management Report survey data indicated that a majority of respondents expect to be impacted by some type of security or compliance incident in the next one to five years. Specifically, 66 percent of respondents expect a major regulatory incident at least once every five years. Additionally, 58 percent of respondents expect a major data loss caused by events such as data center outage, corruption of data, or breach of security systems, at least once every five years, the company said.
The report findings indicated that authentication, authorisation, and access was the process control rated highest for effectiveness, with 68 percent of respondents rating their organisation more than 75 percent effective. The report also underlined a specific process control problem in identifying, classifying and managing IT assets. Only 38 percent of respondents rated themselves more than 75 percent effective in implementing asset inventory, classification, and management process controls. These controls are of fundamental importance in building an IT risk management program which reflects the organisation’s priorities. Without careful risk assessment, all assets are likely to be treated equally, where some may be overprotected and others under protected.
“Organisations are beginning to see the value in taking a proactive, rather than reactive approach to their IT risk management strategy,” said Jon Oltsik, senior analyst at Enterprise Strategy Group. “Effective IT risk management requires organisations to assess both their technology and processes, as well as have clear understanding and agreement about different risks that may impact their systems, and their overall business.”
“As organisations are growing more and more dependent on their IT systems to conduct business, IT risk has become a primary concern for business leaders and one that should be addressed as part of a larger business risk management strategy,” said Greg Hughes, executive vice president, Symantec Global Services. “The Symantec IT Risk Management Report offers organisations a comprehensive view of IT risk perceived by various organisations worldwide.”
|
