IT Risk Assessments Suffer From Lack of Automation, Planning: KPMG


The vast majority of organizations are taking a “reactive and siloed” approach to IT risk assessments, according to a recent survey from KPMG. The accompanying report, titled “Disruption is the New Norm,” reveals that most companies only consult with risk assessment teams about projects after IT issues have already emerged. Few are constantly deploying data analytics to develop key risk indicators. Nor are they investing in automated tools to collect risk-related data. More than 200 senior executives responsible for IT risk management took part in the research, which was conducted by Forbes Research. This slide show presents highlights from the report—which contains additional survey research from KPMG—with charts provided courtesy of KPMG.

New Tech Brings Concerns

Among survey respondents, 46 percent said the deployment of new technologies within their organization would spur an expansion of their tech risk management efforts. One-half said emerging tech within their industries may also drive such an expansion.

Passive Response Remains Commonplace

Tech risk management is perceived as “reactive and siloed” among 87 percent of companies. More than seven of 10, in fact, said tech risk teams are brought into projects “after the fact,” only after issues begin to arise.

Assessments Lacking for Mobile, IoT Adoption

KPMG reports that 47 percent of organizations are adopting mobile apps and devices without assessing associated risks. When it comes to the internet of things (IoT), 46 percent are adopting this technology without assessing the risks.

Compliance Role Dominates

Nearly two-thirds of organizations view tech risk assessment as “an arm of compliance.” Just over one-third perceive it as an “arm of cybersecurity.”

Risk Mitigation Investments to Increase

Nearly nine of 10 survey respondents believe that the assessment of tech risk drives value for their organization. Almost one-half predict that tech risk spending will increase over the next three years.

KRI Delivery Brings Mixed Results

Ninety-two percent of organizations use key risk indicators (KRIs) to measure the likelihood that individual events will bring harm, according to the report. But 87 percent of companies only “sometimes but not consistently” leverage data analytics to develop key risk indicators.

Excel Remains Tool of Choice

Two-thirds of organizations are still using common tools—like Excel—to develop KRIs. Nearly one of five develop their own tools in-house.

Automation Tools in Short Supply

One-half of companies collect data for risk reports via informal, ad hoc processes, such as having conversations with team members and collecting anecdotes. Only 18 percent are using automated processes to ensure IT risk data is collected regularly through system-based sources.

Organizations Are Underprepared for Threats

Just 40 percent of companies are “well prepared” for a cyber-event. Among incidents, more than 30 percent are linked to software glitches.
