IT security holding back business innovation

Information security and risk management plays a critical role in UK organisations, yet just a quarter of UK organisations see it as an enabler to innovation and growth

This is according to findings from a survey of UK IT decision makers commissioned by NTT Com Security (formerly Integralis), revealed at the firm's annual Information Security World (ISW 2013) conference in London this week. 

"It's interesting that those companies who see information security and risk as an enabler of business innovation and value, and who proactively base their spending on assessed risk, are much more likely to have the topic on the board's agenda," comments Neal Lillywhite, SVP Northern Europe at NTT Com Security. "They are also much more confident when it comes to information security and risk matters."

The survey reveals that more than half of all organisations view security and risk as critical to their discussions and planning of new products and services with six in 10 financial organisations admitting this is the case.

Those who see information security and risk as an enabler of business innovation and value, and who proactively base their spending on assessed risk, are much more likely to have the topic on the board's agenda.

However, concerns over information security and risk have stopped either a project or business idea progressing in nearly half (49 per cent) of all organisations surveyed, with the financial sector showing most concern 56 per cent have put projects or ideas on hold due to their fears.

The topic of risk was central to NTT Com Security's ISW event, where Nick Leeson, responsible for the collapse of Barings Bank in 1995, presented to a room of over 300 security and risk professionals. 

Talking about what happened at Barings, Leeson believes that the lack of safeguards and lack of visibility and control of risks are still in place in many large organisations: "Not enough focus goes into risk management and compliance and this is a real challenge.  Only lip service was paid to the fact that risk management needed to improve then and in many cases this is still the same today."

According to the research, confidence among businesses remains high, with more than half (52 per cent) of all respondents agreeing that the organisation is completely in control of information risk', rising to nearly three-quarters (72 per cent) for financial services organisations.

However, while organisations are basing their spending on a mixture of assessed risk and protecting against threats, it seems that most are still taking a reactive rather than a proactive approach to risk management. Only one in five organisations base their spending on assessed risk even less for businesses in financial services and around one in four base it on protecting against the next threat.

"While the majority see a benefit to having a proactive approach when assessing the risk of information assets, the fact that still only a fifth base their spending on assessed risk shows there is plenty of room for improvement and that there is still a lot of work to be done," adds Lillywhite.

This article was originally published on IT Pro's sister title Channel Pro.