The latest enterprise risk management news from around the world

‘Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe’, a new study by the Ponemon Institute sponsored by CyberGRX, presents the results of surveys of nearly 900 IT security professionals and C-level executives.

The study identifies four major risk themes:

  • Digital transformation is increasing cyber risk, and IT security has very little involvement in directing efforts to ensure a secure digital transformation process. Such misalignment of resources is illustrated by 82 percent of respondents believing that their organizations experienced at least one data breach as a result of digital transformation. 55 percent of respondents say with certainty that at least one of the breaches affecting their organization was caused by a third party.
  • Digital transformation has significantly increased reliance on third parties, specifically cloud providers, IoT and shadow IT; and many organizations do not have a third-party cyber risk management program. 63 percent of respondents say their organizations have difficulty in ensuring a secure cloud environment and 54 percent of IT security professionals say avoiding security exploits is a challenge. Additionally, 56 percent of C-level executives say their organizations find it a challenge to ensure third parties have policies and practices that ensure the security of their information.
  • Conflicting priorities between IT security and the C-suite create vulnerabilities and risk; these two groups do not agree on the importance of safeguarding risk areas, including high value assets. IT security respondents are more likely to say the rush to produce and release apps, plus the increased use of shadow IT, are the primary reasons their organizations are more vulnerable following digital transformation. In contrast, C-level respondents say increased migration to the cloud and increased outsourcing to third parties make a security incident more likely. The majority of C-level respondents do not want the security measures used by IT security to prevent the free flow of information and an open business model.
  • Budgets are, and will continue to be, inadequate to secure the digital transformation process; the majority of organizations do not have adequate budget for protecting data assets and don’t believe they will in the future. In fact, only 35 percent of respondents say they have such a budget. Because of the risks created by digital transformation, respondents believe the percentage of IT security allocated to digital transformation today should almost be doubled from an average of 21 percent to 37 percent. In two years, the average percentage will be only 37 percent and respondents say ideally it should be 45 percent.

Download the full report.
