Many companies not practicing strong IT oversight

Hi tech is a regular part of doing business, but companies can do more to protect themselves from attacks (manfeiyang/iStock/Getty Images Plus)

Over 90% of senior business leaders agree that strong technology oversight contributes to improved business outcomes and increased agility. But just 69% report their leadership and board of director teams need to establish a clearer link between business and IT goals.

The findings are in a survey by global technology association ISACA.

“It’s crucial boards become hyper vigilant to assure a tight link between business and IT goals,” said ISACA Vice Chairman Rob Clyde. “That way they can really leverage technology and achieve their objectives.”

Not all executive teams and boards have digital security down pat. Data shows:

  • Only 55% of organizations’ leadership team and board are doing everything they can to safeguard their digital assets and data.
  • 21% don’t think their leadership team and board are doing all they can to safeguard their organization’s digital assets and data, and 23% neither agree nor disagree, or don’t know.
  • As a part of overall governance, cybersecurity policies and defenses, like strong passwords, were cited as the number one corporate governance technological challenge and opportunity faced by senior leadership teams globally. Yet:
      • Only 21% of senior leadership and boards are briefed on risk topics at every senior leadership meeting.
      • Only one-third of organizations assess risk related to technology use on a monthly or more frequent basis.

Many leadership teams are prioritizing and increasing funding for cybersecurity and risk management programs:

  • Almost half (48%) of leadership teams will prioritize funding expansion in cyber defense improvements, beating the number that intend to significantly expand funding for digital transformation (33%) and cloud (27%).
  • Leadership teams also intend to fund increases in spending for security consultants (27%), upgrades to network perimeter defenses (25%), and cyber insurance (17%).
  • Well over half (64%) of organizations have already increased spending on risk management in the past year versus last year, and 33% intend to increase spending in enterprise risk management programs over the next 12 months.
  • Leadership teams recognize that internal cyberthreats are as real as external ones:
      • 61% say the board or senior leadership team believes there is heightened risk from both external and internal risks.

Despite the widely recognized importance of cybersecurity, most organizations are not planning to increase funding for training over the next year:

  • 35% of respondents intend to increase spending on data security training for employees.
  • 15% of respondents intend to increase spending for cybersecurity training for board members.
  • 21% of respondents intend to increase spending for employee privacy training.

Most organizations are using some type of governance framework to help address areas like cybersecurity and risk.

Respondents were asked to name organizations whose boards they perceive to be doing an exemplary job of business technology governance. Of the more than 150 organizations noted, Microsoft, Google and IBM were most often cited as leading by example.

In addition, at companies like Sydney, Australia-based financial products and services organization Tyro, governance is already paying off.

“Business decisions at Tyro are aligned with technology-based solutions, leveraging technological and governance components to improve Tyro’s overall resilience and confidence in its technology and product stack,” said Sascha Hess, director of operations at Tyro Payments, in the survey. “Aligning business and technology decisions has created a culture where leaders and team members alike have already clearly seen advancements toward our overall business results.”

The findings are based on 732 respondents from 87 countries.