The United States has been dealing with the Covid-19 pandemic for about a year. In February/March 2020, many organizations sent most or all employees to work from home due the pandemic. It has been a year of disruption and change in how we work, and a year of increased risk to organizations as a whole, including technology-driven risk.
In the fall of 2020, ISACA and Protiviti conducted a global survey of almost 7,500 IT audit and risk leaders and professionals to gain their insight on some of the biggest technology risks their organizations will face in 2021. The organizations surveyed were broken into two groups: digital leaders and other organizations. Digital leaders were identified as organizations who claim to either have a proven track record of adopting emerging technologies or disrupting traditional business models; have digital aspects of strategic plans in place that are managed quantitatively or continuously improving; and have enabled high levels of process optimization or innovative and disruptive technologies.
The top 10 technology risks for 2021 were identified as:
- Cyber Breach
- Confidentiality and Privacy
- Regulatory Compliance
- User Access
- Security Incident Management
- Disaster Recovery
- Data Governance
- Third-Party Risk
- Remote Workplace Infrastructure
- Availability Risk
The top 10 list of risks is similar for both digital leaders and the other organizations. The biggest discrepancy is regarding cloud strategy and adoption. While digital leaders are highly concerned with this, other organizations are not. This stems from digital leaders moving more processes and systems into the cloud and preparing for the future. It should come as no surprise that there are inherent risks any time you introduce new technology solutions. With this, cyber breach is the top technology risk for 2021, so identifying the risk of exposure remains ever so critical. In a year where the majority of office workers may continue to work from home, it remains critical for organizations to continuously assess, monitor and effectively manage technology risks.
Risk Assessment Frequency
Assessing risk is a very important part of any organization’s security, especially in today’s technology-driven work environment and in the midst of a pandemic. Of the organizations surveyed, 92% claim to assess technology risk in some capacity. The frequency of risk assessments depends on the type of organization. 49% of organizations who claimed to be digital leaders identify and assess technology risk on a continual basis (more than monthly). Only 24% of other organizations continually identify and assess technology risk. 41% of other organizations (not digital leaders) identify and assess technology risk on an annual basis.
As expected, some organizations are beginning to adjust how often they are assessing risk due the challenges of the pandemic. Of the organizations who completed risk assessments, at least a third (41% of digital leaders and 34% of other organizations) claim that pandemic-related disruptions and changes have caused them to adjust the nature or frequency of technology risk assessments.
Managing Risk
Of all industries and regions, Cyber Breach was either the first or a top 3 technology risk identified. Confidentiality and Privacy, Third-Party Risk and Security Incidents all were near the top as well. Organizations need to be able to manage and assess risk in order to protect client, employee and third-party data. All organizations should conduct a technology risk assessment on at least an annual basis or more frequently as their technology landscape changes or new systems are introduced. As evident in the survey results, these assessments are starting to occur more frequently for more technology-focused and technology-reliant organizations.
How Can Schneider Downs Help?
Schneider Downs IT Risk Advisory practice can help conduct an organization’s technology risk assessment and assist in performing third-party risk management, as well as perform privacy assessments such as GDPR compliance and gap assessments. Schneider Downs Cybersecurity team can help with preventing and responding to cyber breaches and incidents. To learn more about our Risk Advisory and Cybersecurity services please visit www.schneiderdowns.com/risk-advisory-services and www.schneiderdowns.com/cybersecurity
If you specific questions please feel free to contact the team at [email protected].