ISACA study examines how well boardrooms are safeguarding digital assets
Rolling Meadows, IL, USA (2 October 2017) – More than 90 percent of surveyed senior business leaders agree that strong technology governance contributes to improved business outcomes and increased agility, according to ISACA’s latest research, “Better Tech Governance Is Better for Business.” Despite recognizing the link between governance and outcomes, a governance gap still exists, with 69 percent reporting that their leadership and board of director teams need to establish a clearer link between business and IT goals.
The global findings were released today at CSX 2017 North America, a Cybersecurity Nexus (CSX) conference held in Washington D.C. The data delves into corporate governance of all things digital, increased responsibilities and funding priorities as well as asking if boardrooms are doing all they can to plan, train, fund and safeguard their organization’s digital assets. The research summary, related infographic and additional resources can be found here.
“The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and IT goals, fully leveraging business technology to improve business outcomes while diligently safeguarding the organization’s digital assets,” said Matt Loeb, CEO of ISACA. “The message from our research is clear: there is much work to do in information and technology governance. Committing to a boardroom with technology savvy and experience strongly represented provides the needed foundation for organizations to effectively and securely innovate through technology.”
Research Highlights - Cyber Security
Not all executive teams and boards walk the walk in matters of digital security. Data shows:
- Only 55 percent say their organization’s leadership team and board are “doing everything they can” to safeguard their organization’s digital assets and data.
- 21 percent don’t think their leadership team and board are “doing everything they can” to safeguard their organization’s digital assets and data, and 23 percent neither agree/disagree or don’t know.
As a part of overall governance, cyber security policies and defenses were cited as the number one corporate governance technological challenge and opportunity faced by senior leadership teams globally. Yet:
- Only 21 percent of senior leadership and boards are briefed on risk topics at every senior leadership meeting.
- Only one-third of organizations assess risk related to technology use on a monthly or more frequent basis.
Many leadership teams are prioritizing and increasing funding for cyber security and risk management programs:
- Almost half (48 percent) of leadership teams will prioritize funding expansion in cyber defense improvements, beating the number that intend to significantly expand funding for digital transformation (33 percent) and cloud (27 percent).
- Leadership teams also intend to fund increases in spending for security consultants (27 percent), upgrades to network perimeter defenses (25 percent), and cyber insurance (17 percent).
- Well over half (64 percent) of organizations have already increased spending on risk management in the past year versus last year, and 33 percent intend to increase spending in enterprise risk management programs over the next 12 months.
Leadership teams recognize that internal cyber threats are as real as external ones:
- 61 percent say the board or senior leadership team believes there is heightened risk from both external and internal risks.
Despite the widely recognized importance of cyber security, most organizations are not planning to increase funding for training over the next year:
- 35 percent of respondents intend to increase spending in data security training for employees.
- 15 percent of respondents intend to increase spending for cyber security training for board members.
- 21 percent of respondents intend to increase spending for employee privacy training.
The majority of organizations are using some type of governance framework to help address areas like cyber security and risk:
- ISACA’s industry-leading COBIT governance framework is used by 28 percent of respondents.
- Key benefits achieved from using a governance framework include assistance in meeting performance standards and compliance requirements.
Privacy and GDPR
Related to privacy, there is still work to be done to prepare for the EU General Data Protection Regulation (GDPR). Specifically, among organizations affected by GDPR:
- Only 32 percent are satisfied with the progress they’ve made to prepare for GDPR.
- More than a third (35 percent) are unsure of the progress their organization has made to prepare for GDPR, and 40 percent are taking a wait-and-see attitude about how GDPR will impact their organization.
Leading in Business Technology Governance
In ISACA’s research, respondents were asked to name organizations whose boards they perceive to be doing an exemplary job of business technology governance. Of the more than 150 organizations noted, Microsoft, Google and IBM were most often cited as leading by example.
In addition, at companies like Sydney, Australia-based financial products and services organization Tyro, governance is already paying off. “Business decisions at Tyro are aligned with technology-based solutions, leveraging technological and governance components to improve Tyro’s overall resilience and confidence in its technology and product stack,” said Sascha Hess, director of operations at Tyro Payments Ltd. “Aligning business and technology decisions has created a culture where leaders and team members alike have already clearly seen advancements toward our overall business results.”
About ISACA’s Better Tech Governance Is Better for Business Research
A unique survey that highlights the need for governance in leadership and the boardroom, the survey of ISACA members in senior leadership roles was conducted in the second quarter of 2017 and includes 732 respondents from 87 countries spanning Africa, Asia, Europe, Latin American, Middle East, North America and Oceania. Results can be found at www.isaca.org/tech-governance-impact.
Nearing its 50th year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters and offices in both the United States and China.
Michelle Micor, +1.847.385.7217, firstname.lastname@example.org
Kristen Kessinger, +1.847.660.5512, email@example.com