According to Protiviti’s 2013 IT Audit Benchmarking Survey, information technology challenges are top of mind for organizations and businesses of all types and sizes, including corporate board of directors. While not surprising as today virtually every organization, business or board uses IT, what is surprising is that most have significant room for improvement in their IT audit practices to ensure an available, secure and efficient IT environment.
Based on the survey results, the key findings show that:
Data Security is of Paramount Concern:
There are more threats in today’s IT environment than ever before. Protiviti recommends that organizations should expand their IT audits to help identify IT security issues, risks and gaps identified in their IT audit risk assessments and testing.
Organizations are not gaining the audit coverage they need:
Organization are lacking adequate IT audit resources and are limiting their ability to adequately identify and manage their IT risks. Protiviti suggests that limited IT audit resources are a significant problem when considering that nearly every function today is technology-enabled.
There remain major shortcomings in IT audit risk assessments:
Survey results show that not enough organizations are performing IT audit risk assessments on a regular basis, nor are they updating their assessments as frequently as they should.
More organizations are implementing strong IT governance programs/practices:
This is a very positive development as today organizations that fail to implement strong IT governance programs and best practices remain exposed to cyber theft, corporate espionage and regulatory action.
As Protiviti’s findings show, organizations, businesses and corporate board of directors need to conduct IT audits more frequently to help identify IT security issues, risks and gaps identified in their IT audit risk assessments and testing.
As with anything in life, there are no guarantees. This also applies to IT security. In today’s dynamic threat environment, security lapses will happen even with IT security in place. This is why cyber security and risk experts everywhere repeatedly state that “Its no longer a matter of if a cyber attack and/or data breach will happen, its just a question of when?”
If its just a question of “when” will a cyber attack or a data breach happen, then organizations, businesses and corporate boards need to be prepared to respond to such incidents, promptly and tactfully.
Today when organizations, businesses and corporate boards conduct their IT audit risk assessments they will most likely find that they have a gap in their insurance coverage, as most business insurance policies do not cover cyber risk or data breaches.
This is why its not only important to implement cyber security and data privacy policies and procedures, cyber/data breach insurance needs to be explored and considered as well. With the average cost of a data breach hovering around $5 million (according to the Ponemon 2013 Cost of a Data Breach study) organizations cannot afford to be unprepared in a crises.
While cyber/data breach insurance may not be able to prevent a cyber attack or a data breach from happening, it can help respond to such incidents when they happen.
Contact us today for assistance with your cyber/data breach insurance quote.