There is lot more to be done in information and technology governance, suggested a new research led by Information Systems Audit and Control Association (ISACA). In terms of overall governance, cybersecurity policies and defenses were cited as top corporate governance technological challenges.
The study further revealed that board of directors and team of leaders are emerging as chink in the cybersecurity armor. As a result, many leadership teams are increasing funding for cybersecurity and risk management programs.
Matt Loeb, CEO of ISACA, told Security Brief, “The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and IT goals, fully leveraging business technology to improve business outcomes while diligently safeguarding the organization’s digital assets”.
“There is much work to do in information and technology governance”, Loeb said, while adding “Committing to a boardroom with technology savvy and experience strongly represented provides the needed foundation for organizations to effectively and securely innovate through technology.”
Here are the survey findings:
- 90 percent of surveyed business leaders agreed that strong technology governance contributes to improved business outcomes.
- 69 percent reported that their leadership and board of director teams need to establish a clearer link between business and IT goals.
- 55 percent of respondents said their leadership team and board are ‘doing everything they can’ to safeguard their organization’s digital assets and data.
- 21 percent of senior leadership and boards are briefed on risk topics at every senior leadership meeting.
- 33 percent of organizations assess risk related to technology use on a monthly or more frequent basis.
- 48 percent will prioritize funding expansion in cyber defense improvements, more than the number that intend to significantly expand funding for digital transformation (33 percent) and cloud (27 percent).
- 27 percent also intend to fund increases in spending for security consultants, while 25 percent are going to invest in upgrades to network perimeter defenses and 17 percent on cyber insurance.
- 64 percent have already increased spending on risk management in the past year versus last year, while 33 percent intend to increase spending in enterprise risk management programs over the next 12 months.
- When it comes to tackle internal cyber threats, 61 percent said the board or senior leadership team believes there is huge risk from both internal and external threats.
- With no plans to increase funding for next year, 35 percent intended to invest in data security training for employees, while 15 percent on cybersecurity training for board members, and 21 percent on employee privacy training.
General Data Protection Regulation (GDPR) remains a problem
Thirty-two percent are satisfied with the progress they’ve made to prepare for GDPR, 35 percent are unsure about their progress, and 40 percent are taking a wait-and-see approach to see how GDPR will impact their organizations.
Top organizations with best technology governance
Out of over 150 companies, Microsoft, Google, and IBM emerged as the best companies doing an exemplary job of business technology governance.