Why Enterprise Technology Teams Are Losing the Battle Against Digital Risk

Gartner recently published the results of a senior executive survey which revealed that an estimated 60% of large-scale enterprises will experience a significant digital security breach. These breaches will be caused by internal IT teams’ inability to manage digital risk as new technologies and the internet of things create more complex and interconnected technology environments.[1]

Why are technology teams unable to effectively manage the emerging complexities around digital innovation, exposing their organizations to such significant digital risk?  

Understanding the answer to this question is a critical step in finding the solution that will put your organization into the 40% that will remain digitally safe.

Digital Risk Factor 1: Unrealistic Expectations

In a report titled “Top 10 Strategic Predictions for Businesses to Watch Out For,” Gartner estimates that digital businesses will require 50% fewer IT business process workers and 500% more digital business jobs by 2018.[2] This statistic is significant for two reasons:

1. In the past, IT teams were the gatekeepers of technology for organizations staffed with people who were experts in their disciplines but held little technical knowledge. However, today’s enterprise environment is drastically different. Technology now pervades and sometimes defines the way people work, making business jobs inherently digital. IT teams are no longer the experts on the technology being used by organizations, and users are increasingly making purchasing decisions, expecting IT teams to manage integrations and digital risk around platforms with which they have no experience and cannot even evaluate.

2. As digital tools and their accompanying data integrations proliferate, it becomes fundamentally impossible for IT staff to be experts on all things technology. Expecting the IT team to be a one-stop shop for the management of all enterprise technology, let alone to mitigate the accompanying digital risk exposure, is in and of itself one of the biggest digital risk factors of all.

Digital Risk Factor 2: Independent assessments that are nothing more than self-assessments

Historically, organizations have evaluated technology team performance through compliance audits. These audits are often performed by non-engineers, who are either part of the internal operations staff or external consultants with operational or financial backgrounds. Engineering skills, however, are required to gather the necessary data for an assessment. As a result, IT teams are asked to gather the data on which their performance will be evaluated. Essentially, IT performance is determined by a self-assessment without checks and balances, creating situations where weaknesses are often covered up, unseen, or in some cases, exacerbated over years, creating enormous technical debt—the accumulation of technological problems that become increasingly difficult and expensive to address as more systems are built on faulty foundations.

Digital Risk Factor 3: IT Brain Drain

A recent report from Beazley reveals that corporate data breaches attributable to human error comprise over one-third of all breaches that occur. And, the report continues, the frequency of these types of breaches is on the rise, with a 10% reported increase between 2013 and 2014 alone.[3] Even more alarmingly, when organizations combine the risks associated with poorly designed systems, protocols and workflows with human error, the degree of total risk explodes. According to a report issued by Online Trust Alliance in January 2015, over 90% of the data breaches that occurred during the first half of 2014 could have been prevented if organizations had rethought their digital risk management strategies and policies.[4]

But who is qualified to rethink digital risk management strategy?

Gifted engineering talent is aggressively pursued by the best technology companies in the world to innovate and create new products that change the way people live. The lure of this call, coupled with high compensation rates, has drained the engineering talent pool of the minds who are the best equipped to design complex architectures and synthesize cross-disciplinary technology solutions. The engineering teams required to comprehensively manage digital risk and enterprise technology have become incredibly difficult to recruit and, when found, prohibitively expensive.

So how do we set up our technology departments to succeed?

1. Be realistic about the expectations laid on technology teams. We must revise technology and digital risk management strategies to reflect the modern-day tech landscape, instead of carrying forward structures, hierarchies and processes that no longer work.

2. Create checks and balances that enable your organization to independently assess technology performance. These assessments should be performed by independent, third-party engineering teams who can also benchmark performance against best practices, as well as competitors in your vertical.

3. Support internal teams with subject matter experts who are focused on digital risk management and have the engineering skill and experience to help them succeed.

[1] http://www.gartner.com/newsroom/id/2794417

[2] http://www.networkworld.com/article/2692494/careers/gartner-top-10-strategic-predictions-for-businesses-to-watch-out-for.html

[3] http://www.canadianunderwriter.ca/news/most-data-breaches-due-to-human-error-but-those-caused-by-malware-spyware-most-expensive-beazley/1003264153/

[4] https://www.otalliance.org/news-events/press-releases/ota-determines-over-90-data-breaches-2014-could-have-been-prevented