ISACA Survey: Now is the Time to Increase Employees’ IT Risk Awareness
Nearly Half of Enterprises in China and Hong Kong Will Increase Info Security Staff in 2013; 53% Cite Priority in Increasing Employees’ Risk Awareness
Hong Kong, November 14, 2012: Gone are the days when budgetary constraints topped IT managers’ minds as the greatest hurdle in addressing IT-related business risk. According to ISACA's 2012 IT Risk/Reward Barometer survey, nearly 90% of respondents from China and Hong Kong indicated that they plan to increase or maintain their staff levels for information security, IT risk management and IT assurance in 2013. Only 17% cited budget as a top hurdle to addressing risk, down substantially from 28% last year.
The ISACA 2012 IT Risk/Reward Barometer is based on an online polling of 4,512 ISACA members from around the world, including 91 members in Hong Kong and China. The study, now in its third year, helps gauge current attitudes and organizational behaviors related to the risks and rewards associated with IT projects and emerging trends.
This year, lack of management support (22%) replaces budget constraints as IT professionals’ biggest challenge in addressing IT-related business risk. This explains why 53% of the respondents thought the most important action is to increase risk awareness among employees at all levels, representing an 18-point jump from the previous year.
BYOD Under the Microscope
One area that was put under the IT professionals’ microscope in 2012 is the blurring line between personal and work devices. The survey shows that 44% of respondents believe the risk of “bring your own device” (BYOD), in which employees use their own devices for work, outweighs the benefit.
“Although IT professionals’ concern over the risk associated with BYOD is understandable, the usage of employees’ devices for work is a growing trend and it has its own merits,” said Simon Chan, president of the ISACA China/Hong Kong Chapter. “ISACA recently published Securing Mobile Devices With COBIT 5 to help enterprises deal with this challenging issue. By applying COBIT to mobile device security, enterprises can establish a uniform management framework that helps them plan, implement and maintain comprehensive security for mobile devices. This will help enterprises reap the benefits of BYOD.”
COBIT also provides guidance on how to embed security for mobile devices in the corporate governance, risk management and compliance strategy, using COBIT 5 as the overarching framework for GRC.
The China/Hong Kong market also saw enterprises exert tighter control over work-supplied IT devices for personal use, according to the survey. Nearly seven in 10 organizations (69%) surveyed this year limit or prohibit the use of a work email address for personal online shopping or other non-work-related activities, representing a 19-point jump from last year. About 63% said they limit or prohibit using work-supplied devices for personal use, marking a 13-point increase from 2011. The control over the use of work devices for accessing social networking or daily deal sites has become tighter as well, with 64% of respondents limiting or prohibiting such activities, up from 56% a year ago.
“The emphasis on information security and risk management is evidenced in the market’s growing interest in ISACA’s Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) certifications. Established for about two years now, the CRISC program has granted more than 16,000 certifications and become a globally respected and recognized program,” Chan said. “Meanwhile, CISM, now in its 10th year, is also seeing continued growth.”
ISACA’s CISM is a certification program that is developed specifically for experienced information security managers. CRISC is designed to provide certification for IT professionals who have hands-on experience with risk identification, assessment, evaluation, response and monitoring. For additional information on CISM or CRISC, visit www.isaca.org/certification. View the full results.
About the 2012 IT Risk/Reward Barometer
The annual IT Risk/Reward Barometer helps gauge current attitudes and organizational behaviors related to the risk and reward associated with the blurring boundaries between personal and work devices (BYOD), cloud computing, and increased enterprise risk related to online employee behavior at peak seasonal times.
The study is based on September 2012 online polling of 4,512 ISACA members from 83 countries, including 91 members in China-Hong Kong. A separate online survey was fielded among 1,224 US consumers by M/A/R/C Research from 8–10 October 2012. At a 95 percent confidence level, the margin of error for the total sample is +/- 2.8 percent. View the full results.
With more than 100,000 constituents in 180 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ
Kristen Kessinger, +1.847.660.5512 firstname.lastname@example.org
Ketchum Hong Kong
Carl Wong, +852.3141.8083 email@example.com
Ceci Chan, +852.3141.8018 firstname.lastname@example.org
ISACA China Hong Kong Chapter
Peter Koo, +852.8101.2801 email@example.com