Hyperproof released its 2021 IT Compliance Benchmark Report, a survey report containing comprehensive benchmarks on how tech companies are managing IT risks and IT compliance efforts during the pandemic, remote-work environment. The responses come from 1,029 professionals in the tech sector in Dec. 2020. All hold responsibilities for security assurance, information security, IT audits or IT risk management within their organizations.
The results reveal that when it comes to managing IT risks, most organizations understand what “good” looks like in theory. Yet struggles to operationalize important risk management activities are pervasive.
For instance, 65% of all respondents said they currently IT risks in an ad-hoc way, with siloed teams, processes, and multiple, disconnected tools. When it comes to managing IT risks and compliance efforts on a day-to-day basis, one in two respondents said they spend 50% or more of their total time at work on low-level, administrative tasks.
When organizations use multiple, disparate tools throughout their risk management process, collecting critical risk and compliance information is both tedious and difficult. Half of all survey respondents admitted that they have a limited understanding of how well existing risks are managed and limited ability to detect control failures that can lead to undesired risk exposure. In fact, 61% of all surveyed organizations have experienced a compliance violation — such as a data breach or a violation of a privacy law — in the past three years.
However, the research team found that not all organizations suffered equally from security incidents and compliance violations. Organizations that chose to take an integrated approach to IT risk management and made efforts to align their risk and compliance activities are much better at avoiding data breaches and privacy violations than organizations that believe the compliance function’s purpose is to enforce rules and conduct risk and compliance activities in silos.
While 61% of survey respondents overall reported their organization has experienced a compliance violation in the last three years, only 40% of those who take an integrated view of risk management and compliance activities experienced a compliance violation. On the other hand, 71% of all respondents who view the compliance function as the enforcer of rules have experienced a compliance violation in the past 3 years.
To see additional findings from Hyperproof’s 2021 IT Compliance Benchmark Report, please visit https://hyperproof.io/it-compliance-benchmarks
Image Licensed by Unsplash.com