As high-level security breaches and hacks continue to make global news, information technology security and governance are at the forefront of public concern. A recent survey conducted by research firm Gartner shows that information security governance practices are maturing on a global level. The findings indicate that businesses are increasingly concerned with information security and are therefore ramping up efforts to maintain compliance, business continuity, and an overall infrastructure that supports and protects their IT departments.
Gartner surveyed 964 respondents in organizations with at least $50 million equivalent in total annual revenue for the fiscal year 2014, with a minimum of 100 employees, in seven countries between February and April 2015. 63% of the respondents indicated that they receive sponsorship and support for their information security programs from leadership outside of the IT organization — up from 54% in 2014. 57% of respondents in North America indicated sponsorship from outside IT, a figure intriguingly lower than the 63% in Western Europe and the 67% in Asia/Pacific.
Tom Scholtz, vice president and Gartner Fellow, said in a statement: “Increasing awareness of the impact of digital business risks, coupled with high levels of publicity regarding cyber security incidents, are making IT risk a board-level issue.”
This public awareness is key to elevating IT security governance to mainstream status. Late last year, Stefaan Verhulst, co-founder and Chief Research and Development Officer for the Governance Laboratory at NYU, told Blouin News that public understanding of a framework for governance (whether it be security, big data, or other widely used, burgeoning technologies) is necessary for proper governance. As public awareness broadens around IT security needs, governance will become a concern for more high-level executives. Businesses will more heavily gear their boards towards compliance and information security.
Scholtz said: “71% of respondents indicated that IT risk management data influences decisions at a board level. This also reflects an increasing focus on dealing with IT risk as a part of corporate governance.”
What is evolving is the notion that information security is an overall business risk, not just an operational risk, according to Scholtz, and the figures from Gartner support that idea. The enterprise world is looking at IT governance as increasingly vital from the ground up, and the issue has made its way to the top tiers of oversight. Thus, spending will necessarily increase; Gartner predicted in past reports that worldwide spending on information security would reach $71.1 billion in 2014, with the data loss prevention segment recording the fastest growth at 18.9%. Total information security spending is expected to grow a further 8.2% in 2015 to reach $76.9 billion.
Hopefully the billions of dollars spent on securing IT will outweigh the billions that businesses spend repairing cyber breaches and data hacks.