Organizational Complexity Poses Critical Cyberrisk

According to a recent survey on IT security infrastructure, 83% of businesses around the world believe they are most at risk because of organizational complexity.

“Employees are not following corporate security requirements because they are too difficult to be productive, plus policies hinder their ability to work in their preferred manner,” noted the Ponemon Institute’s “The Need for a New IT Security Architecture: Global Study,” sponsored by Citrix. “It is no surprise that shadow IT is on the rise because employees want easier ways to get their work done.”

Shadow IT, the information technology systems built and used by an organization without explicit approval, has largely cropped up because employees feel official tools are too complex or otherwise difficult and inefficient. As a result, company data is being put on personal devices and official business is conducted on platforms that enterprise security teams can not monitor or secure.

Nearly three-quarters of respondents said their business needs a new IT security infrastructure to reduce risk. With increasing amounts of sensitive data stored, new technology like the internet of things adopted, and new cyberrisk threats constantly emerging, addressing individual security challenges may be impossible, Citrix Chief Security Officer Stan Black told eWEEK. Rather, companies should focus on larger issues like controlling complexity, developing and maintaining strong incident response plans, and rigorously vetting vendors with access to systems or responsibility for storing data.

Check out more of the report’s findings in the infographic below:

organizational complexity cyberrisk

Top Board and C-Suite Risks for 2016

Regulatory changes, economic conditions and cyberthreats are the top concerns of board members and company executives this year, according to a new enterprise risk management survey. U.S.-based companies listed several operational risks as top concerns, while non-U.S. companies listed only one, cyberthreat, as a major concern, according to the report, Executive Perspectives on Top Risks for 2016, by North Carolina State’s ERM Initiative and Protiviti.

Overall, companies see the current business environment as riskier than in 2015, but not as risky as 2014. With increased inquiries and added concerns about risk from boards of directors and company executives, respondents indicated they will be investing more in risk management this year. “More organizations are realizing that additional risk management sophistication is warranted given the fast pace in which complex risks are emerging,” the study found.

Boards of directors rated only one strategic risk among their top five concerns, with the remaining falling into macroeconomic and operational risk categories. CEOs, on the other hand, saw strategic risks as three out of their top five issues.
According to the study:

“This disparity in the viewpoints emphasizes the critical importance of both the board and management team engaging in risk discussions, given their unique perspectives may be contributing to an apparent lack of consensus about the organization’s most significant emerging risks.”

ERM Risks