A study by Gartner shows that COVID-19 has dramatically accelerated digital risk and the audit chiefs have identified IT governance as top risk for 2021.
The consulting firm says that abrupt work-from-home mandates have accelerated digital roadmaps, causing many organizations to vault years forward in the space of a few weeks.
Chief audit executives need to assess how new technology adoption may be hobbling their IT departments’ plans, with IT support incident requests doubling in early 2020 to support a huge increase in work-from-home employees. Additionally, managing access rights for many more remote workers presents new risks such as “privileged user abuse,” which is expected to climb over the next 12 to 24 months.
The report reveals that data governance is the second top risk for 2021. The pandemic means that organizations are expected to collect more sensitive personal information from employees and customers than ever before. Yet, data governance practices are regressing, with fewer dedicated resources to data privacy than in previous years. Organizations face increasingly complex data environments where their data is housed.
Growth in software-as-a-service (SaaS) and delays to upgrading legacy systems have created work environments where data is distributed across disparate platforms, software and servers. Such complexities continue to test audit executives, with only 45% expressing high confidence in their ability to manage data governance risk.
Cyber vulnerabilities are especially acute this year. Despite increased cybersecurity spending, only 24% of organizations routinely follow cybersecurity best practices. This will result in cyberattacks that are expected to cost organizations $6 trillion annually by 2021.
Drivers of this risk include lapses in security controls and increased employee vulnerability to social engineering. More than half of employees are currently using personal devices to do work remotely, while 61% have indicated their employer has not provided tools to secure these devices. Additional security lapses include a lack of attention to employee’s home network security and status of antivirus software.