Nineteen percent of business executives admit their companies are “behind the curve” when it comes to managing information technology risks, according to a new survey by accounting firm ParenteBeard.
The poll found that 67 percent of the respondents described their efforts as only "average." In addition, only 15 percent of the business executives surveyed said they have any kind of IT internal audit function to evaluate IT risk.
The survey of more than 70 executives in the manufacturing, distribution and technology industries indicates that many businesses lack internal controls to manage their IT systems, despite their increasingly prominent role in almost every business function. Forty-two percent of the survey respondents said their information technology success is "inextricably linked" to their overall business success.
Many executives remain unaware of the risks posed by their IT systems. Thirty percent of the survey respondents said they never worry about suffering a data breach or any type of data loss. An additional 30 percent said their company has been hacked at some point. Of that group, only 6 percent has made significant upgrades to their IT security since the hacking. These findings are indicative of the fact that nearly two-thirds (61 percent) said that IT leadership never attends audit committee meetings.
“Make no mistake, if sensitive or private data is hacked, companies will suffer consequences in the form of customer backlash, lawsuits or even government investigations,” said Jeff Krull, a partner in ParenteBeard’s corporate governance and risk management practice, in a statement. “Companies need to take an integrated approach and include their IT leadership in any discussions about risk management practices.”