Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Improving employees’ IT risk awareness is top priority: ISACA survey

Jack Loo | Nov. 19, 2012
Budget is no longer the main concern in addressing risk in China and Hong Kong.

Budgetary constraints are no longer the top priority for IT executives in China and Hong Kong when addressing business risk, according to an ISACA survey.

Only 17 percent cited budget as a top hurdle to addressing risk, down substantially from 28 percent last year, according to ISACA's 2012 IT Risk/Reward Barometer survey

This year, lack of management support (22 percent) replaces budget constraints as IT professionals' biggest challenge in addressing IT-related business risk. This explains why 53 percent of the respondents feel that the most important action is to increase risk awareness among employees at all levels, representing an 18-point jump from the previous year.

The 2012 IT Risk/Reward Barometer is a global survey based on an online polling of 4,512 IT professionals who are ISACA members, including 91 in Hong Kong and China.

The survey also found out that nearly 90 percent of respondents from China and Hong Kong plan to increase or maintain their staff levels for information security, IT risk management and IT assurance in 2013.

One area that was put under the IT professionals' microscope in 2012 is the blurring line between personal and work devices. The survey shows that 44 percent of respondents believe the risk of "bring your own device" (BYOD), in which employees use their own devices for work, outweighs the benefit.

"Although IT professionals' concern over the risk associated with BYOD is understandable, the usage of employees' devices for work is a growing trend and it has its own merits," said Simon Chan, president of the ISACA China/Hong Kong Chapter.

"ISACA recently published Securing Mobile Devices With COBIT 5 to help enterprises deal with this challenging issue. By applying COBIT to mobile device security, enterprises can establish a uniform management framework and that helps them plan, implement and maintain comprehensive security for mobile devices. This will help enterprises reap the benefits of BYOD."

Tighter BYOD controls

The China/Hong Kong market also saw enterprises exert tighter control over work-supplied IT devices for personal use, according to the survey. Nearly seven in 10 organisations (69 percent) surveyed this year limit or prohibit the use of a work e-mail address for personal online shopping or other non-work-related activities, representing a 19-point jump from last year.

About 63 percent said they limit or prohibit using work-supplied devices for personal use, marking a 13-point increase from 2011. The control over the use of work devices for accessing social networking or daily deal sites has become tighter as well, with 64 percent of respondents limiting or prohibiting such activities, up from 56 percent a year ago.

Meanwhile, there has been a growing interest in ISACA's Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) certifications, observed Chan.

"The CRISC programme has granted more than 16,000 certifications and become a globally respected and recognised programme in just two years," Chan said. "Meanwhile, CISM, now in its 10th year, is also seeing continued growth."


Sign up for CIO Asia eNewsletters.