“The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and IT goals, fully leveraging business technology to improve business outcomes while diligently safeguarding the organization’s digital assets,” said Matt Loeb, ISACA CEO. “The message from our research is clear: there is much work to do in information and technology governance. Committing to a boardroom with technology savvy and experience strongly represented provides the needed foundation for organizations to effectively and securely innovate through technology.”
Only 55 percent say their organization’s leadership team and board are doing everything they can to safeguard their organization’s digital assets and data.
As a part of overall governance, cyber security policies and defenses were cited as the top corporate governance technological challenge and opportunity faced by senior leadership teams. Yet:
- Only 21 percent of senior leadership and boards are briefed on risk topics at every senior leadership meeting.
- Only one-third of organizations assess risk related to technology use on a monthly or more frequent basis.
Leadership teams recognize that internal cyber threats are as real as external ones. In fact, 61 percent say the board or senior leadership team believes there is heightened risk from both external and internal threats.
Despite the widely recognized importance of cyber security, most organizations are not planning to increase funding for training in 2018:
- 35 percent intend to increase spending in data security training for employees.
- 15 percent intend to increase spending for cyber security training for board members.
- 21 percent intend to increase spending for employee privacy training.
The majority of organizations are using some type of governance framework to help address areas like cyber security and risk:
- 28 percent use ISACA’s COBIT governance framework.
- Key benefits achieved from using a governance framework include assistance in meeting performance standards and compliance requirements—yet one in five organizations does not use one.
Related to privacy, there is still work to be done to prepare for the EU General Data Protection Regulation (GDPR). Specifically, among organizations affected by the regulation, only 32 percent are satisfied with the progress they’ve made to prepare for it. More than a third (35 percent) are unsure of the progress their organization has made, and 40 percent are taking a wait-and-see attitude about how GDPR will impact them.
The online survey of ISACA members in senior leadership roles was conducted in the second quarter of 2017 and includes 732 respondents from 87 countries. Results are at www.isaca.org/tech-governance-impact.
Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. ISACA equips professionals with knowledge, credentials, education and community to advance their careers and transform their organizations.