Information Security Responsibilities? What responsibilities?
Few companies today think they are underspending on IT. There are many, however, which are overspending â€¦ and still not achieving a reasonable
level of information protection.
According to the IT Policy and Compliance Group (IT PCG), organisations now rank the loss of confidentiality and integrity as the top two business
risks, followed by loss of availability.
The ITPCG has ongoing benchmarks measuring three key performance results:
1. Loss or theft of customer data
2. Incidence and extent of business downtime from IT failures and disruptions
3. Deficiencies in IT that must be corrected to pass audit
The best results are experienced by only 13 percent of organisations. Annually, these companies endure less than three losses or thefts of sensitive
information, less than six hours of business downtime and less than three deficiencies to correct to pass audit. Those are the best results.
The bulk of companies are experiencing results that are considerably worse - nearly seven in 10 organisations suffer data loss or theft rates ranging
from three to 15 each year, between seven and 79 hours of business downtime and between three and 15 compliance deficiencies in IT that must be
corrected. This is the â€˜normative' group.
Nearly two in 10 organisations - 19 percent - are experiencing the worst outcomes, the highest data losses or thefts, the most downtime from IT
failures and the largest problems with regulatory compliance. They experience more than 15 losses or data thefts each year, 80+ hours of business
downtime from IT failures and more than 15 IT deficiencies that must be corrected to pass audit.
Interestingly, the financial outcomes being experienced by organisations are directly related to the outcomes being managed within IT.
And while those numbers might make security and compliance sound like an IT issue, the potential exposure to financial loss - and in almost every
case, the suffering of actual financial loss - means that this is a whole-o