IT risk myths uncovered

Awareness of the importance of IT risk management is increasing, but myths still remain, according to the second volume of Symantec’s IT Risk Management Report.

The vendor’s report is driven by the analysis of more than 400 in-depth, structured surveys with IT professionals worldwide and identifies key issues, trends and analyses.

The report found that practitioners are embracing a more balanced approach that encompasses security, availability, compliance and performance risks, but there is still the issue of misunderstandings of IT risk management which can lead to potential IT system failures, and ultimately impact business continuity.

Most interestingly the report uncovered four myths which remain in the IT risk space.

MYTH ONE: IT risk is security risk

Despite traditional perceptions associating IT risk primarily with security risks, survey results indicate the emergence of a broader view among IT professionals.

Of the survey respondents, 78 percent gave “critical” or “serious” ratings to availability risk as opposed to security, performance and compliance risks, with 70, 68 and 63 percent respectively. The fact that only 15 percent separate the highest and lowest scoring risk-types indicates that IT professionals are adopting a more balanced, less security-centric view of IT risk.

“It is encouraging to see Symantec’s report highlight that organisations are recognising the criticality of managing IT risk in areas such as availability and performance in addition to security,” said Jon Oltsik, senior analyst at Enterprise Strategy Group. “In today’s connected world, businesses are starting to understand that failures across a broad spectrum of systems can impact the business operations and results.”

The report findings confirmed that security and compliance risks often attract attention because of their high visibility and impact – 63 percent of respondents rated data loss incidents as having a serious impact on their business. However, increased emphasis is being placed on availability risks, which the report shows can flow through the value chain and create impacts measuring millions of dollars, even from minor performance issues. Researchers at Dartmouth and the University of Virginia recently determined that a hypothetical
Supervisory Control and Data Acquisition (SCADA) network failure at an oil refinery would result in an estimated economic impact of US$405 million, with the supplier only bearing US$255 million of the impact, while others in the supply chain would assume the remaining loss.

it myths risk security uncovered