Unplanned downtime (37%), security breach (23%) or data loss (29%)
Results of an independent survey
revealing fresh insights about IT strategies and infrastructures
deployed within companies and governments throughout the world.
Most notably, respondents cite a startling lack of senior
executive confidence that permeates organizations globally, specifically
concerning readiness around the critical IT requirements of continuous
availability; advanced security; and integrated backup and recovery.
Reduced investment in these critical areas threatens the ability of IT
infrastructures to withstand and quickly recover from disruptive
incidents such as unplanned downtime, security breaches and data loss
and underscores the need to adopt progressive strategies to achieve
trusted IT infrastructures.
The Global IT Trust Curve survey, administered by independent market research firm Vanson Bourne, spans 3,200 interviews across 16 countries and 10 industry sectors.
China received the top maturity ranking: Chinese IT
decision makers reported implementing the highest concentration of
sophisticated continuous availability, advanced security, and integrated
backup and recovery technologies. The United States ranked second in
maturity on the IT Trust Curve. Underscoring swift and
aggressive technology investments to solidify their world influence,
three of the four most mature countries - China, South Africa and Brazil
- are BRICS nations. Japan ranked last on the IT Trust Curve in the 16-nation survey.
The four big
megatrends in information technology today are cloud computing, big
data, social networking and mobile devices. Adoption and maturity of
these trends must float upon a sea of trust - trust that my information
is secure in the cloud, trust that my data won't be lost or stolen,
trust that my IT will be operational when it needs to be - which, these
days, is all the time. The more trust that can be earned and guaranteed,
the bigger and faster the impact of these trends. Conversely, the less
trust that is established, the more limited these trends will be. Where
countries fall on the IT trust maturity curve could affect their overall
ability to compete.
Chief among the findings are:
Lower levels of maturity permeate the globe:
- More than half (57%) of all respondents fall into the lower maturity categories, while only 8% place in the Leader category.
- The higher organizations land on the maturity curve, the more likely
they are to have already implemented more strategic and technology
projects such as big data analytics.
Lack of confidence in technology infrastructure:
- Nearly half (45%) of all respondents globally report that their
senior executives are not confident that their organizations have
adequate availability, security, and backup and recovery capabilities.
- When asked about executive confidence levels, the percentage of all
respondents within each maturity level who said their senior executives
are confident that their organizations have adequate availability,
security, and backup and recovery are: Laggard (39%), Evaluator (51%),
Adopter (65%) and Leader (81%).
- Japan has the smallest percentage of respondents (31%) reporting
that their senior teams have confidence in these key aspects of IT;
Germany has the highest percentage (66%).
- 19% (nearly one in five) of respondents worldwide cite an overall lack of confidence in their technology infrastructure.
Significant disparity exists between how IT and business leaders perceive improvements:
- While 70% of IT decision makers consider the IT department to be the
motivation/drive for future resilient and secure IT infrastructure, the
number drops to 50% for business decisions makers when asked the same
question.
- A similar perception gap extends in key disciplines such as
security. While 27% of IT respondents report being victims of a data
breach in the past 12 months, only 19% of business decision makers
globally report being victims, indicating they are not aware of all
technology incidents that impact the business.
Organizations with higher levels of maturity avoid - and recover more quickly from - disruptive incidents and with reduced consequence. For example, globally:
- 53% of organizations in the Leader segment of the IT Trust Curve
reported data recovery time measured in minutes or less for their most
mission critical applications. The percentage drops to 27% across all
maturity tiers.
- 76% of companies in the Leader segment believe they are able to
recover 100% of their lost data in every instance versus only 44% in the
lowest maturity segment.
- Organizations in the lowest maturity segment (Laggard) lost one and a
half times more money over the last 12 months as a result of downtime
than those in the highest maturity segment (Leader).
- Security breaches were the most costly events suffered by
respondents, who reported an average annual financial loss of $860,273
due to breaches, followed by $585,892 and $497,037 respectively for data
loss and downtime.
Widespread unplanned downtime, security breaches and data loss:
- 61% of all respondents' companies have suffered at least one of the
following incidents: unplanned downtime (37%), security breach (23%) or
data loss (29%) in the last 12 months.
- Top 4 consequences across organizations experiencing at least one of
the above incidents within the last 12 months were loss of employee
productivity (45%), loss of revenue (39%), loss of customer
confidence/loyalty (32%) and loss of incremental business opportunity
(27%).
Budget constraints (52%) reigned as the #1 obstacle to
implementing continuous availability, advanced security, and integrated
backup and recovery solutions. Resources and/or workload
constraints (35%), poor planning (33%) and knowledge & skills (32%)
rounded out the top four. China was the only country that did not report
budget as the #1 obstacle.
Top security concerns identified across all respondents were
third party application access (43%) and protection of intellectual
property (42%), pointing to the need for more advanced technology and
intelligence-driven models:
- There remains a heavy reliance on "prevention-oriented" security
tools, with more than 80% of respondents using anti-virus and firewalls
as the 2 most popular security solutions.
- Just 18% have adopted Security Information and Event Management
(SIEM) and even fewer, 11%, have adopted Governance Risk and Compliance
(GRC) solutions, which provide the necessary monitoring and response
capabilities needed to defend against more advanced threats.
Highly-regulated industries throughout the world displayed proportionally higher maturity levels:
In addition to the IT and Technology (#3) industries, the remaining Top 5
most mature industries globally are the highly-regulated financial
services (#1), life sciences (#2), healthcare (#4) and public sector
(#5).
Most IT
practitioners do everything within their power and control to protect
the enterprise. Where breakdowns can occur is in communicating up to
business leaders, executives, Boards and audit committees. We hear it
from Boards all the time. Practitioners need to be able to demonstrate
to leadership that they have a governance process whereby they can
adequately instill confidence that risks are being addressed in line
with the organization's overall risk appetite and profile. Success
against a particular threat is not just an accident or good luck, but
the result of a solid process that continually monitors and addresses
new risks and threats to the enterprise."
The time has come for the industry to double down. It's
impossible to deliver advanced security if we lack foundational
maturity. Without a predictable environment, or understanding of where
our assets are, or an ability to pick up on nuances and detect
behavioural anomalies, we will be unable to defend the organization.
That baseline of foundational maturity is an absolute enabler of
effective security and establishing overall trust.
Among
the many powerful insights that flow from this global study, the
rampant lack of senior executive confidence stands out as both alarming
and, unfortunately, a sign of the times. Nearly half of respondents say
their senior management has zero confidence that their organizations are
prepared with adequate availability, security, and backup and recovery.
That one startling fact stands as a wakeup call for company boards to
make the necessary investments to brace against both external and
self-imposed disruptions and threats to their IT systems and data.