Symantec Finds Scope of IT Risk Widening

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Symantec has released is second-annual Risk Assessment survey and the results show that the definition of "risk" is expanding, as are the threats facing IT.

The survey of 405 IT managers, undertaken between February and November 2007, found that their top concern is network availability -- with 78 percent citing it as a business-critical or serious risk.

The finding marked the first time that network availability surpassed security among IT managers' concerns.

Security, which 70 percent of IT managers said was business-critical or a serious concern, was followed by performance (68 percent) and compliance (60 percent).

"That told us two things: respondents are taking a broader view of IT risk and what constitutes it and they are shifting away from just a security-oriented view to one of availability, compliance and performance," said Jennie Grimes, senior director of Symantec's IT risk management program office.

But while IT managers' concerns are multiplying, confidence in their ability to keep a reign on things is slipping. More than half, 53 percent, said they expected a major IT incident related to those four issues.

Yet only a third said they had good management, configurations and backup plans.

Part of the reason for this is due to risk's increasing scope. A year ago, the industry considered risk incident to be hacking attacks. Now, the term includes human error -- like losing a laptop or backup tape, failing an internal audit and poor-performing applications.

The other problem is that with so many laptops being lost or stolen and insecure technologies, ranging from instant messenger to USB thumb drives, entering the workplace, IT is getting away from the people who live by it.

"I do believe the infrastructures are getting more complicated and I do believe that the notion of the perimeter of the network -- traditionally having been a physical thing -- is shifting to the human being and is causing complexity to increase," Grimes said.

One possible reason for the drop in confidence is that the definition of IT and its influence on companies have also grown -- so much so that IT has become the lifeblood of firms.

In recent years, the discussion among C-level executives has been how IT is expected to drive profits. Now the situation is beyond that, where companies simply can't function without it.

"Organizations are realizing how much they rely on IT," Grimes said.

For example, she said she noticed that many large firms now have a new executive in the ranks, the vice president of IT risk management, whose job is to deal with risks to the IT infrastructure.

Grimes said she's met about 40 now, all relatively new to the position.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...