Large Organizations are Way Behind on IT Risk Management

Government and industry regulations were supposed to improve information security, yet many holes remain. Why? Many organizations adopted a regulatory "check box" mentality which helped them pass audits, but didn't address dangerous threats or existing vulnerabilities. ESG believes IT risk management can help and many large organizations concur, but new data from Evalueserve indicates that there is still a lot of work to do. Without rapid IT risk management progress, many organizations remain sitting ducks for cybercrime, industrial espionage, or catastrophic denial of service attacks.