IT-GRC is on the corporate 2014 agenda because "big data" and cloud computing can create unsafe IT security breakdowns when exposed to competitors and hackers. (Part II)
A significant number of information risk components are on the management agenda because cyber-attacks command management's attention: Managing digital assets in a new socio-technology environment will explore how businesses assess and manage information risk, because all organisations have sloppy employees.
Just as technology has transformed cloud and big data into a valuable business asset, outsourcing, cloud computing, social media, "design adapted device" and other technology-enabled business trends suggest that information is increasingly being dispersed across the globe and across global transactions within the corporation.
Cyber-attacks related to Information risks
Now the biggest obstacle to raising the priority of information risk is a lack of understanding of the issues. More than three-quarters of respondents to a recent survey think that information risk can typically be mitigated by technology fixes to hardware and software.
Yet the response to cyber-attacks and information risk in the new technology landscape is focused on implementing more hardware and technology fixes. This approach intimidates and overshadows the vital role that employees and discipline play in both mitigating and creating IT security risks.
Awareness of information risk does not extend across the business. Most companies are failing to create a culture of awareness on IT security:
- Only 27% of the respondents report a substantial understanding of information risk across the organisation. The most knowledgeable departments are IT and finance, where the key, most critical information is thought to exist.
- 57% believe that the low level of awareness across the organisation is equally true vertically: the importance of protecting information has not been a tone-at-the-top issue and therefore has not filtered down to lower levels of the business.
Managing digital assets.
Workshops, training and seminars increase the awareness of being prepared. Still, up to 40% of CEOs and CIOs require proper training and guidance on the actions to be taken after information has been lost or stolen.
- One in four respondents, on the other hand, has enough knowledge, training and experience to take the lead in the event of an IT Security breach.
Copenhagen Compliance continues to foster collaboration, and information sharing is encouraged through the IT security seminars and workshops:
- 62% of respondents to our survey are looking to governments and regulators to take a greater lead in information risk management.
- The primary concern is to promote knowledge sharing between companies on potential cyber-attacks.
- 68% of respondents would appreciate greater regional harmonisation of the rules surrounding data security.
Therefore we recommend in-house IT security training, education, workshops and seminars as the answer, so that all employees feel prepared. Senior business leaders apparently focus on other issues and problems and are therefore generally ill-prepared for a loss of information at their business. Please note that nearly half of all organisations have experienced a loss of information in the past two years.
Added source: The Economist survey.