
4 reasons behind the growing interest in IT risk

09 Jan 2014

Beyond the hype and hysteria in the press about cybersecurity threats, board members and senior executives are genuinely interested in the IT risks they currently face.

This growing interest in IT risk is driven by four consistent themes that we are seeing in our daily client interactions at Gartner.

1. Lack of understanding

Chief Information Officers and Chief Information Security Officers at many companies are just now beginning to have regular interactions with board members about IT risk.

However, even when these interactions are happening, they often miss the mark because the IT risks are not presented in a business context that offers board members an opportunity to decide and act.

In our recent 2013 Global Risk Management Survey, we discovered that more than half of the companies surveyed are not using risk management data effectively when communicating with the board (see graphic below).

2. Increasing pressure to disclose technology risks

Market and industry regulators are pressing companies to be much more transparent in the disclosure of the technology risks they face. For example, the U.S. Securities and Exchange Commission issued guidance in 2011 that instructs public companies to disclose the following:

* Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences;

* To the extent the registrant outsources functions that have material cybersecurity risks, description of those functions and how the registrant addresses those risks;

* Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences;

* Risks related to cyber incidents that may remain undetected for an extended period; and

* Description of relevant insurance coverage.

3. Lack of visibility into key business relationships with third parties

As more companies look to improve the efficiency of their operations, the number of third-party relationships in the form of outsourcing arrangements or technology vendor contracts (i.e. cloud computing) has skyrocketed. This has increased the level of IT risk exponentially and drawn the focus of industry regulators.

Just recently, the U.S. Office for the Comptroller of the Currency issued guidance to financial services companies regarding third-party risk management practices.

Also, the U.S. Department of Health and Human Services just began enforcing new rules under the Health Insurance Portability and Accountability Act (HIPAA) requiring business associates of covered healthcare entities to comply with the act.

So, businesses that provide services such as claims processing or medical records management on a third-party basis are now required to comply on behalf of the healthcare entity they serve. Efforts such as these require greater visibility into the risks associated with third-party technology assets.

4. Growing interconnection between technology and business risks

As my colleague Mark Raskino wrote in a recent blog post, echoing our Global Head of Research Peter Sondergaard, “every company is a technology company!” We are now entering what Gartner calls the digital industrial economy.

In this new economy, technology is becoming the driving force behind business innovation and competitive advantage. However, without a keen understanding of the risks inherent in the use of these new technologies, what may be the new business driver may also be its death knell.

By John Wheeler - Research Director, Gartner
