As seen in the previous article, the absence of risk management, or a flawed implementation of it, is a sign of disinterest from decision makers and shows how difficult it is to implement a good IT security policy.
Why is the IT risk factor underestimated?
Too many firms and administrations still minimize the risk of digital transformation. This intangible, virtual risk is sometimes difficult for people to grasp; it is not an intuitive risk.
The CISO (Chief Information Security Officer) is often perceived as the person who sees the glass half empty and paints a bleak picture. With very technical and restrictive language, the CISO gives an impression of conservatism, while the true role of a CISO is to guide risk management in the best way.
The CISO should no longer be seen as the one who says “no” but as the one who brings solutions to potential risks. Overall, there is a real lack of awareness of IT risk. The CISO position is not present in enough firms; only big ones have it. Creating this position in a company, or outsourcing it, is therefore a real challenge, but introducing it would already be a big step.
An organization does not have unlimited funds, so it has to arbitrate between expenses. The desire to move faster than competitors in technology development is understandable from a strategic point of view: we must do better than the others. On the other hand, risk management expenses have an ROI that is less easy to measure than that of other expenses. The return is easier to see when investing in comfortable and trendy office chairs: employees are happy, the premises look better and improve the image of the firm, and sick leave goes down. The impact of an investment in risk management is harder to estimate. As a result, the budgets allocated to this area are often insufficient.
It is therefore clearly a human factor that drives this insufficient IT risk management.
Given this situation, firms that do not have enough human or financial resources to implement an effective IT security policy can entrust this risk to service providers such as ITrust.
Digital transformation is upsetting our lives and those of our organizations. Opening up the information system (IS) mechanically increases IT risk. Managing this risk plays a key role in digital transformation, and yet the financial and human resources invested in it remain very insufficient.
So react and protect yourself! 😊