1. Twenty percent of the population has the worst data protection results, with more than 12 losses or thefts of sensitive data each year.
2. Sixty-eight percent of the population has normative data protection results, with between 3 and 12 losses or thefts of sensitive data annually.
3. Twelve percent of the population has the best data protection results, with fewer than 3 losses or thefts of sensitive data each year.
Data theft or loss and IT GRC maturity correlation: Same firms dominate
In addition to the population distribution, the set of organizations that compose each of the major areas (least mature, normative, and most mature) is almost identical, with slight variations. For example, 75 percent of the firms with the least mature IT GRC results are the same firms with the largest and most frequent losses or thefts of sensitive data. Almost all—92 percent—of the firms with middling IT GRC results are the same firms with somewhere between 3 and 12 losses or thefts of sensitive data each year. And nearly all—96 percent—of the firms with the best IT GRC results are the exact same firms with the fewest and least frequent losses or thefts of sensitive data annually.
The alignment of the findings raises some interesting questions, such as:
• Is information more secure because of better regulatory compliance practices?
• Do better data protection practices deliver better customer satisfaction, retention, revenue, and profits?
• Are more mature results for IT GRC related to better business results, better data protection, and regulatory compliance results?
Regulatory compliance deficiencies and IT GRC maturity
Almost all—93 percent—of the firms with middling IT GRC results are the same firms with somewhere between 3 and 12 audit deficiencies that must be corrected to pass audit. And nearly all—97 percent—of the firms with the best IT GRC results are the same firms with the fewest regulatory audit deficiencies that must be corrected to pass audit.
Business downtime from IT service disruptions
Very similar results are posted for business disruptions due to IT service disruptions, many of which are due to IT security events. Roughly 20 percent of all firms suffer the highest levels of downtime: more than 80 hours annually. Another 68 percent are operating somewhere in the middle, with between 2 and 80 hours of downtime each year due to IT disruptions. And only 12 percent are fortunate enough to have business operations halted for 2 hours or less each year due to IT disruptions.
Business downtime and IT GRC maturity correlation: Same firms dominate
The majority—80 percent—of organizations with the least business downtime from IT service disruptions are the same firms with the least data loss or theft and the fewest regulatory compliance deficiencies to correct. A majority—63 percent—of the firms with the most stagnant business results are the same firms with the most business downtime from IT disruptions, the largest number of regulatory compliance deficiencies, and the most loss of sensitive data. Lastly, 78 percent of the firms with normative annual hours lost to IT service disruptions are the same firms with normative results for all of the metrics.
The alignment of the findings raises an interesting question: What are the IT GRC practices that translate into improved business results, including higher revenue, better profits, better customer retention, and improvements in IT service reliability, as well as better regulatory compliance results and less frequent loss of sensitive data?
For more details, see the 2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk
Compliance Webcast and Video
1 comment:
I would really like your post; it really explains each and every point clearly. Well, thanks for sharing.