Press Release


 ISACA Finds European Businesses Are Cautious About Augmented Reality, Despite Business Benefits 

Rolling Meadows, IL, USA (14 Nov 2016) — Awareness of augmented reality (AR) grew rapidly this year with the popularity of the Pokémon Go game, which many organisations quickly leveraged as an opportunity to attract customers. However, a new study from global business technology and cybersecurity association ISACA shows European organisations are still hesitant to use it for business purposes. Only 19 percent of the 1,651 European professionals surveyed are convinced that the benefits of AR outweigh the risks—the majority remain unsure.

“We expect to see these numbers change in the very near future as businesses begin to view AR as a valuable technology that results in positive business outcomes, including improved training, education, marketing and customer experience,” said Rob Clyde, board director of ISACA and executive advisor at BullGuard Software.

For now, security concerns are among the top barriers to adoption of AR, along with worries about insufficient ROI. The findings also show:

  • 63 percent of the professionals surveyed globally don’t have a policy to address the use of AR apps in the workplace. This number goes up to 70 percent in Europe, with another 15 percent of European respondents being unsure of whether they have such policies in place.
  • 18 percent of European IT professionals have used AR outside of work.
  • 87 percent of European professionals think that consumers should be concerned about the privacy risks of augmented reality and 86 percent believe that organisations should be worried about the privacy risks associated with this technology.

Even organisations that aren’t actively using AR need to be monitoring it, says Clyde. Virtual graffiti apps using AR technology can deface buildings, landmarks and other surfaces with negative, unauthorized imagery. While the majority of respondents believe that their current workplace is vulnerable to “virtual graffiti” attacks, only four percent of European organisations have a programme in place to monitor them. Moreover, only 20 percent of the surveyed professionals say that their organisation has a way to detect publicly posted social media posts, picture or videos that are geotagged to their business and could show up in augmented reality applications that aggregate such information.

ISACA’s annual IT Risk/Reward Barometer polls thousands of IT and cybersecurity professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs organizations and consumers must make in weighing both the benefits and potential threats. This year’s five-country consumer study – conducted in the US, UK, Australia, India and Singapore – focused on IoT devices and those enhanced with AR.

More than three in four consumers in each region surveyed are concerned that these enhancements may make their devices more vulnerable to a privacy breach.

Despite most respondents reporting low confidence in their knowledge of AR-technology, there is a growing awareness of the potential benefits. A significant proportion of European respondents believe that AR-enhanced technology could be beneficial in a number of industries, including entertainment (66 percent), education (61 percent), and marketing and media (59 percent).

Among UK consumers, 63 percent think workplace trainings utilizing AR could make it easier for them to do their jobs, and 62 percent think AR-enhanced training guides would be helpful in their daily lives.  

The potential upside of AR is evident. A recent estimate from Goldman Sachs predicts that the hardware and software market for augmented reality and virtual reality will grow to over £65 billion by 2025.*

To help organisations overcome the barriers to adopting AR and realize the business benefits, ISACA offers the following recommendations:

  • Extend social media monitoring to AR platforms. Leverage and extend current social media policies and monitoring to augmented reality platforms.
  • Consider how AR can improve your business. Training, diagnostics and marketing are three areas with particularly strong potential.
  • Review your governance framework and update your policies. Incorporate use of AR as part of the business into organisational policies and procedures—including BYOD (bring your own device) and privacy policies.
  • Build security into every part of the process. Security is a crucial component of AR initiatives that helps ensure confidence in the data.

“Enterprises need to work on being agile and applying sound measures around governance, security and risk management to fully realise the benefits of these technology advances. Proactive monitoring for malicious activity like virtual graffiti and data breaches is critical for businesses to gain the full value of new technologies while mitigating risk,” said Christos Dimitriadis, Ph.D. CISA, CISM, CRISC, chair of ISACA’s Board of Directors and group director of Information Security for INTRALOT.

To view global survey results, including related graphics and expert insights, visit

About the IT Risk/Reward Barometer

The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, a global association of more than 140,000 IT security, assurance, risk and governance professionals, the Barometer polls thousands of business and IT professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on online polling of 6,591 ISACA members among 140 countries from 19-29 September 2016. Additional online surveys were fielded by M/A/R/C Research among 1,230 consumers in the US, 1,000 consumers in the UK, 1,000 consumers in Australia, 1,001 consumers in India and 1,000 consumers in Singapore. The US survey ran 6-8 August 2016, and the UK, Australia, India and Singapore surveys ran 12-23 August 2016. At a 95 percent confidence level, the margin of error for each individual country sample is +/- 3.1 percent.


ISACA ( helps professionals around the globe realize the positive potential of technology in an evolving digital world. By offering industry-leading knowledge, standards, credentialing and education, ISACA enables professionals to apply technology in ways that instill confidence, address threats, drive innovation and create positive momentum for their organizations. Established in 1969, ISACA is a global association with more than 140,000 members and certification holders in 187 countries. ISACA is the creator of the COBIT framework, which helps organizations effectively govern and manage their information and technology. Through its Cybersecurity Nexus (CSX), ISACA helps organizations develop skilled cyber workforces and enables individuals to grow and advance their cyber careers.

LinkedIn: ISACA (Official),

* “Virtual & Augmented Reality : Understanding the Race for the Next Computing Platform,” Jan. 13, 2016, Goldman Sachs.


Kristen Kessinger, +1.847.660.5512,
Karl O’Doherty, Ketchum, +44.20.3755.6492,