41% of organisations are not protected against IT security risks

The focus on risk and compliance management comes at a critical juncture as companies are under considerable pressure to protect customer information and privacy, and sensitive business information (business plans, intellectual property, etc.) against threats from cyber criminals, competitors, and even hostile governments. These pressures have intensified as national and regional governments, industries, in some cases, business partners require increasingly tight compliance in implementing and enforcing IT policies, processes, and controls around key assets and sensitive information. Most companies have to deal with multiple regulations and no business sector is exempt from this. Forward-thinking companies have implemented or are in the process of developing risk management and compliance initiatives. They are avoiding check-box compliance and fire drill responses to security incidents in favor of sustained, continuous, and auditable risk management programs that address IT security as a business risk.