The survey asked IT professionals about their organization’s position with regard to investment in IT and systems security and responses revealed that:
- 17.5% believe it is perceived as an unnecessary expense only undertaken to keep auditors happy, up from 12.2% in 2012.
- 37.5% say it is seen essential business practice that can deliver ROI, but this was down from 43.9% in 2012.
- 38.2% of respondents had experienced a fraud incident in 2013, up from 31.3% in 2012.
- In the past year, 30% had experienced a data loss that affected business operations, up from 17.1% in 2012.
- 57.5% of respondents believed their organization saw it as everyone’s responsibility, down from 64.6% in 2012.
- 40% of respondents reported that their organization regarded IT and systems security as the sole responsibility of IT, up from 28% in 2012.
“It is concerning to see that IT security is still not perceived as an integral part of the business,” says Richard Hunt, managing director of Turnkey Consulting. “Corporate SAP systems are accessed from an increasing number of touchpoints, both inside and outside the organization as employees adopt mobile working, and enterprises look to enhance third party relationships with suppliers and customers. This streamlines business processes, but it increases the risk to the enterprise. To tackle this, an end-to-end approach to security is required to fully secure the organization’s systems and data.”