Over Half of IT Leaders Say Employee-owned Mobile Devices Are Riskiest

2011 ISACA IT Risk/Reward Barometer also charts cloud computing growth, increase in information security hiring

World Congress: INSIGHTS 2011

ROLLING MEADOWS, Ill. -- More than half of information technology leaders in the US believe that any employee-owned mobile device poses a greater risk to the enterprise than mobile devices supplied by the company, according to a new member survey by ISACA. Yet 27 percent still believe that the benefits outweigh the risks.

The 2011 ISACA IT Risk/Reward Barometer found that 58 percent of US information security and IT audit professionals view mobile devices owned by employees as posing the greatest risk, compared to 33 percent who chose among work-supplied smart phones, laptops/netbooks, tablet computers, broadband cards or flash drives. Organizations are increasingly being asked to manage the “BYOD” (bring your own device) trend as more employees use powerful and affordable personal mobile devices.

“BYOD presents both opportunities and threats. It lets employees and organizations take advantage of technology innovations at limited cost to the organization. Unfortunately, it also introduces new vulnerabilities, due to the limited ability of most organizations to effectively manage and secure employee-owned devices accessing their information infrastructure,” said John Pironti, CISA, CISM, CGEIT, CRISC, CISSP, advisor with ISACA and president of IP Architects, LLC. “Organizations should educate employees on their security requirements and implement a comprehensive mobile device policy aligned with their risk profile.”

The IT Risk/Reward Barometer helps gauge current risk/reward attitudes and organizational behaviors related to IT projects and emerging trends. The study polled 2,765 IT leaders globally, including 712 respondents from the US. For full results, visit www.isaca.org/risk-reward-barometer.

Growing acceptance of cloud

This year’s Barometer shows that the number of enterprises not using cloud computing for any IT services has decreased by 5 points to 21 percent, and the number that plan to use it for mission-critical IT services has increased 4 points to 14 percent.

“Cloud computing isn’t new; it’s an evolution of IT that is growing in popularity with the C-suite as a viable and cost-effective IT resource enabling businesses to be more agile,” said Robert Stroud, CGEIT, international vice president of ISACA and service management, cloud computing and governance evangelist at CA Technologies. “Because security is still a concern with cloud services, organizations recognize that they must take measured risk in cloud deployment. But it’s a calculated risk they will take because they know that stifling the use of cloud computing to avoid risk could actually stifle business growth.”

Cloud computing will be a topic at ISACA’s inaugural World Congress: INSIGHTS 2011 conference 27-29 June near Washington DC. Senior-level government officials and Fortune 500 executives will discuss emerging technologies, business value and compliance.

Information security and risk jobs on the rise

The data, collected in March 2011, shows that a surprisingly high percentage (40 percent) of respondents expect information security staffing requirements to increase over the next year. Thirty-four percent expect their risk management staffing requirements to rise.

“Today’s rapid acceleration in data volume, IT complexity and privacy regulations is fuelling a need for a greater focus on information security and risk management. ISACA is seeing a similar growth in interest in its CRISC and CISM certifications, as professionals seek to better understand and demonstrate proficiency in the critical areas of managing security and risk,” said Ken Vander Wal, CISA, CPA, ISACA international vice president.

This year’s Barometer also indicates that IT risk management is becoming more strategic. Its integration into enterprise risk management is up slightly over last year. Compliance (26 percent) and avoiding negative incidents (22 percent) are still primary drivers, but a close third now is aligning functionality with business needs (18 percent).


With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a global provider of knowledge, certifications, community, advocacy and education on information systems assurance, security, enterprise governance, risk and compliance. Founded in 1969, ISACA develops IS auditing and control standards and established the CISA, CISM, CGEIT and CRISC designations. ISACA continually updates COBIT to help enterprise leaders fulfill IT governance and management responsibilities.

Follow ISACA on Twitter: http://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official)


Kristen Kessinger, +1.847.660.5512

Release Summary

ISACA's 2011 IT Risk/Reward Barometer surveyed 2,765 IT professionals worldwide on cloud adoption, mobile security and more. Visit http://www.isaca.org/risk-reward-barometer for full results.
