61% of Companies Suffered at Least One of Following Incidents in Last 12 Months
Unplanned downtime (37%), security breach (23%) or data loss (29%)
Most notably, respondents cite a startling lack of senior executive confidence that permeates organizations globally, specifically concerning readiness around the critical IT requirements of continuous availability; advanced security; and integrated backup and recovery. Reduced investment in these critical areas threatens the ability of IT infrastructures to withstand and quickly recover from disruptive incidents such as unplanned downtime, security breaches and data loss and underscores the need to adopt progressive strategies to achieve trusted IT infrastructures.
The Global IT Trust Curve survey, administered by independent market research firm Vanson Bourne, spans 3,200 interviews across 16 countries and 10 industry sectors.
China received the top maturity ranking: Chinese IT decision makers reported implementing the highest concentration of sophisticated continuous availability, advanced security, and integrated backup and recovery technologies. The United States ranked second in maturity on the IT Trust Curve. Underscoring swift and aggressive technology investments to solidify their world influence, three of the four most mature countries - China, South Africa and Brazil - are BRICS nations. Japan ranked last on the IT Trust Curve in the 16-nation survey.
The four big megatrends in information technology today are cloud computing, big data, social networking and mobile devices. Adoption and maturity of these trends must float upon a sea of trust - trust that my information is secure in the cloud, trust that my data won't be lost or stolen, trust that my IT will be operational when it needs to be - which, these days, is all the time. The more trust that can be earned and guaranteed, the bigger and faster the impact of these trends. Conversely, the less trust that is established, the more limited these trends will be. Where countries fall on the IT trust maturity curve could affect their overall ability to compete.
Chief among the findings are:
Lower levels of maturity permeate the globe:
- More than half (57%) of all respondents fall into the lower maturity categories, while only 8% place in the Leader category.
- The higher organizations land on the maturity curve, the more likely they are to have already implemented more strategic and technology projects such as big data analytics.
- Nearly half (45%) of all respondents globally report that their senior executives are not confident that their organizations have adequate availability, security, and backup and recovery capabilities.
- When asked about executive confidence levels, the percentage of all respondents within each maturity level who said their senior executives are confident that their organizations have adequate availability, security, and backup and recovery are: Laggard (39%), Evaluator (51%), Adopter (65%) and Leader (81%).
- Japan has the smallest percentage of respondents (31%) reporting that their senior teams have confidence in these key aspects of IT; Germany has the highest percentage (66%).
- 19% (nearly one in five) of respondents worldwide cite an overall lack of confidence in their technology infrastructure.
- While 70% of IT decision makers consider the IT department to be the motivation/drive for future resilient and secure IT infrastructure, the number drops to 50% for business decisions makers when asked the same question.
- A similar perception gap extends in key disciplines such as security. While 27% of IT respondents report being victims of a data breach in the past 12 months, only 19% of business decision makers globally report being victims, indicating they are not aware of all technology incidents that impact the business.
- 53% of organizations in the Leader segment of the IT Trust Curve reported data recovery time measured in minutes or less for their most mission critical applications. The percentage drops to 27% across all maturity tiers.
- 76% of companies in the Leader segment believe they are able to recover 100% of their lost data in every instance versus only 44% in the lowest maturity segment.
- Organizations in the lowest maturity segment (Laggard) lost one and a half times more money over the last 12 months as a result of downtime than those in the highest maturity segment (Leader).
- Security breaches were the most costly events suffered by respondents, who reported an average annual financial loss of $860,273 due to breaches, followed by $585,892 and $497,037 respectively for data loss and downtime.
- 61% of all respondents' companies have suffered at least one of the following incidents: unplanned downtime (37%), security breach (23%) or data loss (29%) in the last 12 months.
- Top 4 consequences across organizations experiencing at least one of the above incidents within the last 12 months were loss of employee productivity (45%), loss of revenue (39%), loss of customer confidence/loyalty (32%) and loss of incremental business opportunity (27%).
Top security concerns identified across all respondents were third party application access (43%) and protection of intellectual property (42%), pointing to the need for more advanced technology and intelligence-driven models:
- There remains a heavy reliance on "prevention-oriented" security tools, with more than 80% of respondents using anti-virus and firewalls as the 2 most popular security solutions.
- Just 18% have adopted Security Information and Event Management (SIEM) and even fewer, 11%, have adopted Governance Risk and Compliance (GRC) solutions, which provide the necessary monitoring and response capabilities needed to defend against more advanced threats.
In addition to the IT and Technology (#3) industries, the remaining Top 5 most mature industries globally are the highly-regulated financial services (#1), life sciences (#2), healthcare (#4) and public sector (#5).
Most IT practitioners do everything within their power and control to protect the enterprise. Where breakdowns can occur is in communicating up to business leaders, executives, Boards and audit committees. We hear it from Boards all the time. Practitioners need to be able to demonstrate to leadership that they have a governance process whereby they can adequately instill confidence that risks are being addressed in line with the organization's overall risk appetite and profile. Success against a particular threat is not just an accident or good luck, but the result of a solid process that continually monitors and addresses new risks and threats to the enterprise."