Report debunks myths that contribute to IT failures

Process issues cause 53 per cent of IT system failures, while IT often underestimates the frequency of data loss incidents. According to the IT Risk Management Report Volume II, published by Symantec, while awareness of the importance of IT risk management is increasing, several myths persist.

Driven by the analysis of more than 400 in-depth, structured surveys with IT professionals worldwide, the report dispels the four main myths associated with IT risk:

  • The myth that IT risk management is focused only on IT security. Of the survey respondents, 78 per cent rated availability risk as 'critical' or 'serious', compared with 70, 68 and 63 per cent for security, performance and compliance risks respectively. The fact that only 15 per cent separate the highest and lowest scoring risk-types 'indicates that IT professionals are adopting a more balanced, less security-centric view of IT risk'.
  • The myth that IT risk management is project-driven. The report revealed the following regarding the frequency of different types of IT incidents: 69 per cent expect a minor IT incident once a month; 63 per cent expect a major IT failure at least once a year; 26 per cent expect a regulatory non-compliance incident at least once a year; 25 per cent expect a data-loss incident at least once a year.
  • The myth that technology alone can manage IT risk. While technology plays a critical role in risk mitigation, the people and processes supported by technology also determine the effectiveness of an IT risk management program. The report says that process issues cause 53 per cent of IT incidents. Several controls also showed a decline in ratings from the previous report one year ago, causing increasing concerns.
  • The myth that IT risk management has already become a formal discipline. The report makes it clear that IT risk management is an evolving business discipline, rather than a precise science, due to reliance on the experience accumulated by individuals and organisations as they keep pace with a changing business and technology environment. There is a growing understanding that IT risk management incorporates elements of operational risk management, quality control and business and IT governance. Also, practitioners may come to see IT risk management as a set of fixed principles and relationships, universally-applicable across industries and geographies. www.symantec.com.
