ISACA Research Highlights IT Governance, Cyber Security Policies and Defenses

by Patrick Kennedy | Oct 19, 2017

New ISACA research reveals that a lot more work still needs to be done in information and technology governance.

According to the research, cyber security and defenses present the biggest technological challenges to corporate governance. Boards of directors and team leaders have also failed to create a connection between business and information technology goals. 69% of the respondents believe that there is a lack of connection between the two.

The findings suggest that, because business and IT goals are not connected, business leaders need to become hypervigilant about linking them. This would allow them to capitalize from a business perspective while protecting the company’s digital assets. Microsoft, IBM, and Google are the top companies with exemplary performance in technology governance.

Study findings show that almost all business leaders (90%) agree that strong technology governance contributes to enhanced business outcomes. 55% of the participants acknowledged the work done by the leadership team and Board of Directors in safeguarding the organization’s digital assets and data. The research shows that 21% of the senior leadership and board members are informed of risk issues in every meeting they attend. Almost a third (33%) of the organizations conduct a risk assessment on technology use once a month or more frequently.

The study reveals that 48% of the business leaders would prioritize increasing funds for cyber defense improvements. Those who would expand funding for digital transformation make up 33% of the respondents, while for the cloud the figure is 27%. Other areas that would see funding increases include security consultants (27%), upgrading network perimeter defense (25%), and cyber insurance (17%).

Research shows that in the past year, 64% of businesses increased their expenditure on risk management. In the next twelve months, 33% of the businesses intend to increase budgetary allocation for enterprise risk management programs. The majority of the respondents (61%) are of the opinion that senior leadership believes that there is a significant risk that emanates from both internal and external threats.

GDPR Preparations and Privacy Training

Of the leaders who do not intend to increase their funding for the next year, 35% would invest in employees’ data security training, 15% plan to invest in cyber security training for board members, and 21% in privacy training for employees. The research indicates that 32% of the business leaders are pleased with the GDPR preparation progress. However, 35% are uncertain about the progress, while 40% are waiting to see how the new law will impact their businesses.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
