The Daily Swig Web security digest

ISACA urges business leaders to address tech governance gap

James Walker | 04 October 2017 at 14:00

The need to safeguard digital assets is more important than ever, but not all executive teams are walking the walk in matters of cybersecurity.

While senior business leaders around the world agree that better technology governance has a clear positive impact on organizations, not enough companies are putting that knowledge into action, according to new research from global technology association, ISACA.

In a survey of 730 technology leaders, ISACA’s latest study, Better Tech Governance Is Better for Business, found that more than 90% of respondents agree that strong technology governance contributes to improved business outcomes and increased agility.

Despite recognizing the link between governance and outcomes, a governance gap still exists, with 69% reporting that their leadership and board of director teams need to establish a clearer link between business and IT goals.

As a part of overall governance, cybersecurity policies and defenses were cited as the number one corporate technological challenge faced by senior leadership teams globally.

But when it comes to cybersecurity, not all executive teams and boards are walking the walk. According to the study, just 55% of respondents said their organization’s leadership team are “doing everything they can” to safeguard their company’s digital assets and data.

In addition, the research found that just 21% of senior leadership and boards are briefed on risk topics at every senior leadership meeting, while only one-third of organizations assess risks related to technology use on a monthly or more frequent basis.

Looking ahead, however, and no doubt in light of the high-profile data breaches that continue to hit headlines around the world, ISACA said many leadership teams are prioritizing and increasing funding for cybersecurity and risk management programs.

Well over half (64%) of organizations have already increased spending on risk management in the past year versus last year, and 33% intend to increase spending in enterprise risk management programs over the next 12 months.

In addition, almost half (48%) of leadership teams will prioritize funding expansion in cyber defense improvements, beating the number that intend to “significantly expand” funding for digital transformation (33%) and cloud (27%).

Leadership teams also intend to fund increases in spending for security consultants (27%), upgrades to network perimeter defenses (25%), and cyber insurance (17%).

“The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and IT goals, fully leveraging business technology to improve business outcomes while diligently safeguarding the organization’s digital assets,” said Matt Loeb, CEO of ISACA.

“The message from our research is clear: there is much work to do in information and technology governance. Committing to a boardroom with technology savvy and experience strongly represented provides the needed foundation for organizations to effectively and securely innovate through technology.”