A survey across 16 countries and 10 industry sectors reveals that a lack of senior executive confidence permeates organizations globally, specifically concerning readiness around the critical IT requirements of continuous availability; advanced security; and integrated backup and recovery. Reduced investment in these critical areas threatens the ability of IT infrastructures to withstand and quickly recover from disruptive incidents such as unplanned downtime, security breaches and data loss and underscores the need to adopt progressive strategies to achieve Trusted IT infrastructures.
China received the top maturity ranking: Chinese IT decision makers reported implementing the highest concentration of sophisticated continuous availability, advanced security, and integrated backup and recovery technologies. Three of the four most mature countries -- China, South Africa and Brazil -- are BRICS nations. Japan ranked last on the IT Trust Curve in the 16-nation survey.
EMC says the adoption of the four IT megatrends – cloud computing, Big Data, social networking and mobile services – depend on how organizations maintain the level of trust. The more trust that can be earned and guaranteed, the bigger and faster the impact of these trends. Conversely, the less trust that is established, the more limited these trends will be. Where countries fall on the IT Trust maturity curve could affect their overall ability to compete.
Among enterprises in Asia Pacific and Japan (APJ), organizations in APJ need to fully trust in their IT for safety, reliability, and security. “Landing higher on the maturity curve means companies are more likely to adopt and implement strategic and leading-edge technology projects that in the long run, would not only help them overcome challenges in their IT but protect intellectual property and reputations with customers and stakeholders,” says David Webster, EMC APJ.
Surprising, and disconcerting, is the low level of maturity among APJ countries. The EMC survey says 57% of APJ respondents fall into the lower maturity categories. This collaborates the 48% of APJ senior executives who are not confident that their organizations have adequate availability, security, and backup and recovery capabilities.
Organizations that do land high on the maturity curve, like China, are more likely they are to have already implemented more strategic and leading-edge technology projects such as Big Data Analytics.
While 70% of IT decision makers consider the IT department to be the motivation/drive for future resilient and secure IT infrastructure, the number drops to 50% for business decisions makers when asked the same question. A similar perception gap extends in key disciplines such as security. APJ ranks the highest with 27% of APJ respondents reporting to be victims of a security breach in the past 12 months, while only 23% of global respondents report being victims, indicating they are not aware of all technology incidents that impact the business.
APJ companies are not as confident as other companies across the globe in recovering their lost data, with only 61% of APJ companies and 50% in the lowest maturity segment believing they are able to recover 100% of their lost data in every instance.
Security breaches were the most costly events suffered by APJ respondents, who reported an average annual financial loss of $945,188 due to breaches, followed by $589,537 and $437,805 respectively for data loss and downtime.
Fifty-four percent of APJ respondents reported incidents of unplanned downtime (24%), security breach (27%) or data loss (29%) in the last 12 months.
The top 4 consequences across APJ organizations experiencing at least one of the above incidents within the last 12 months were loss of revenue (42%), loss of employee productivity (41%), loss of customer confidence/loyalty (36%) and loss of business to a competitor (35%).
Not surprisingly, budget constraints (51%) is the number one obstacle to implementing continuous availability, advanced security, and integrated backup and recovery solutions. Poor planning (40%), knowledge & skills (38%), resources and/or workload constraints (35%) rounded out the top four.
Third party application access (49%) and protection of intellectual property (44%) were top issues of concern as well, pointing to the need for more advanced technology and intelligence-driven models. There remains a heavy reliance on “prevention-oriented” security tools, with more than 86% of respondents using anti-virus and firewalls as the 2 most popular security solutions.
The most mature industries in APJ are Life Sciences, IT and Technology, Financial Services, Healthcare and Energy.
According to Irina Simmons, EMC’s Chief Risk Officer, “Most IT practitioners do everything within their power and control to protect the enterprise. Where breakdowns can occur is in communicating up to business leaders, executives, Boards and audit committees. We hear it from Boards all the time. Practitioners need to be able to demonstrate to leadership that they have a governance process whereby they can adequately instil confidence that risks are being addressed in line with the organization’s overall risk appetite and profile. Success against a particular threat is not just and accident good luck, but the result of a solid process that continually monitors and addresses new risks and threats to the enterprise.”
Christian Christiansen, Program Vice President for IDC's Security Products and Services Group, laments the “rampant lack of senior executive confidence stands out as both alarming and, unfortunately, a sign of the times. Nearly half of respondents say their senior management has zero confidence that their organizations are prepared with adequate availability, security, and backup and recovery. That one startling fact stands as a wakeup call for company boards to make the necessary investments to brace against both external and self-imposed disruptions and threats to their IT systems and data.”