The results from this year’s survey indicate that the risk landscape is changing at an accelerated pace.
Surprisingly, only 53% of respondents have a documented security strategy, and only 47% indicated that their current strategy adequately addresses the risks.
Additionally, 56% of participants indicated they need to modify their strategy or need to investigate further to understand the new risks.
Point solutions have ceased to work
This year’s results show that 31% of respondents indicated that their organization has recently purchased information security solutions that are perceived as having failed or under-delivered. Organizations would be better served by not always acquiring the latest tools, but instead focusing on the fundamentals.
The emergence of IT risk management as a structured approach
To effectively manage IT risks, organizations need to gain a broad and comprehensive view of the entire IT risk landscape.
This holistic perspective will provide companies with a starting point to help identify and manage current IT risks and challenges, as well as those that may evolve over time. When we look at our survey results, 84% of respondents indicated that they have an IT risk management program in place or are considering it within the next 12 months.
Our perspective
- Revisit your information security strategy to conform to the current risk landscape.
- Instead of acquiring the latest tools, focus on the fundamentals.
- Implement a structured, pragmatic approach to managing IT risk to make sure it focuses on the risks that matter. We see an IT risk management or governance, risk and compliance (GRC) approach as a key future investment for many organizations.
- Address the entire IT risk universe in your IT risk or GRC program, which is broader than just information security.