By Freya Purnell
New research by IT security specialist Turnkey Consulting and SAP show that over two-thirds (71.8 per cent) of organisations believe that the IT security risks they face from external sources have increased.
The survey, ‘A Risk Perspective on 2014’, also found that 38.2 per cent of respondents had experienced a fraud incident in 2013, up from 31.3 per cent in 2012, and 30 per cent had experienced a data loss that affected business operations, up significantly from 17.1 per cent the previous year.
More organisations are using automated controls to prevent or decent exceptions in a business process, with 55 per cent saying they did so in 2013 and plan to use more.
However the role of IT security in reducing risks does not appear to be well understood, with 17.5 per cent saying that investment in IT and systems security was an unnecessary expense only undertaken to auditors happy (up from 12.2 per cent in 2012).
Only 37.5 per cent believe such investment is essential business practice that can deliver return on investment, down from 43.9 per cent in 2012.
IT security is also still regarded as the domain of the IT function, rather than a broader business issue, with 40 per cent of respondents saying it was IT’s sole responsibility, up form 28 per cent in 2012.
Turnkey Consulting managing director, Richard Hunt, said it was concerning that IT security is not seen as an integral part of the business.
“Corporate SAP systems are accessed from an increasing number of touchpoints, both inside and outside the organisation as employees adopt mobile working, and enterprises look to enhance third party relationships with suppliers and customers,” said Hunt.
“Although this streamlines business processes, it increases the risk to the enterprise, as reflected by the key findings of this year’s survey. An end-to-end approach to security is required to fully secure the organisation’s systems and data.”
When it comes to specific new technologies, it seems security is a much higher priority, with 39.5 per cent of organisations planning to invest in big data technology such as HANA also intending to invest in additional security (up from 25.9 per cent in 2012), with 48.7 per cent of organisations spending on mobile strategies and 40 per cent of those investing in cloud computing also including additional security in their plans.
