ISACA Research Highlights IT Governance, Cyber Security Policies and Defenses

New ISACA research reveals that a lot more work still needs to be done in information and technology governance.

According to the research, cyber security and defenses present the biggest technological challenges to corporate governance. Boards of directors and team leaders have also failed to create a connection between business and information technology goals. 69% of the respondents believe that there is a lack of connection between the two.

The findings suggest that due to lack of connection between business and IT goals, business leaders need to become hyper vigilant to link them. This would allow them to capitalize, from a business perspective, while protecting the company’s digital assets. Microsoft, IBM, and Google are the top companies with exemplary performance in technology governance.

Study findings show that almost all business leaders (90%) agree that enhanced business outcomes are contributed to by strong technology governance. 55% of the participants acknowledged the work done by the leadership team and Board of Directors in safeguarding the organization’s digital assets and data. The research shows that 21% of the senior leadership and board members are informed of risk issues in every meeting they attend. Almost a third (33%) of the organizations conducts a risk assessment on technology use once in a month or more frequently.

The study reveals that 48% of the business leaders would prioritize increasing funds for cyber defense improvements. Those that would expand funding for digital transformation make 33% of the respondents while for the cloud the figure is 27%. Other areas that would have funding increments include security consultant (27%), upgrading network perimeter defense (25%), and cyber insurance (17%).

Research shows that in the past year, 64% of businesses increased their expenditure on risk management. In the next twelve months, 33% of the businesses intend to increase budgetary allocation for enterprise risk management programs. Majority of the respondents (61%) are of the opinion that senior leadership believes that there is a significant risk that emanates from both internal and external threats.

GDPR Preparations and Privacy Training

For the leaders that do not intend to increase their funding for the next year, 35% would be investing in employees’ data security training, 15% plans to invest in cyber security training for board members and 21% on privacy training for employees. The research indicates that 32% of the business leaders are pleased with the GDPR preparation progress. However, 35% are uncertain about the progress while 40% are waiting to see how the new law will impact their businesses.