Accessibility Statement Skip Navigation
  • Why PRWeb
  • How It Works
  • Who Uses It
  • Pricing
  • Login
  • GDPR
  • Create a Free Account
Return to PRWeb homepage
  • News
  • Resources
  • Contact
When typing in this field, a list of search results will appear and be automatically updated as you type.

Searching for your content...

No results found. Please change your search terms and try again.
  • News in Focus
      • Browse News Releases

      • All News Releases
      • Multimedia Gallery

      • All Multimedia
      • All Photos
      • All Videos
  • Business & Money
      • Auto & Transportation

      • Aerospace, Defense
      • Air Freight
      • Airlines & Aviation
      • Automotive
      • Maritime & Shipbuilding
      • Railroads and Intermodal Transportation
      • Supply Chain/Logistics
      • Transportation, Trucking & Railroad
      • Travel
      • Trucking and Road Transportation
      • View All Auto & Transportation

      • Business Technology

      • Blockchain
      • Broadcast Tech
      • Computer & Electronics
      • Computer Hardware
      • Computer Software
      • Data Analytics
      • Electronic Commerce
      • Electronic Components
      • Electronic Design Automation
      • Financial Technology
      • High Tech Security
      • Internet Technology
      • Nanotechnology
      • Networks
      • Peripherals
      • Semiconductors
      • View All Business Technology

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Financial Services & Investing

      • Accounting News & Issues
      • Acquisitions, Mergers and Takeovers
      • Banking & Financial Services
      • Bankruptcy
      • Bond & Stock Ratings
      • Conference Call Announcements
      • Contracts
      • Cryptocurrency
      • Dividends
      • Earnings
      • Earnings Forecasts & Projections
      • Financing Agreements
      • Insurance
      • Investments Opinions
      • Joint Ventures
      • Mutual Funds
      • Private Placement
      • Real Estate
      • Restructuring & Recapitalization
      • Sales Reports
      • Shareholder Activism
      • Shareholder Meetings
      • Stock Offering
      • Stock Split
      • Venture Capital
      • View All Financial Services & Investing

      • General Business

      • Awards
      • Commercial Real Estate
      • Corporate Expansion
      • Earnings
      • Environmental, Social and Governance (ESG)
      • Human Resource & Workforce Management
      • Licensing
      • New Products & Services
      • Obituaries
      • Outsourcing Businesses
      • Overseas Real Estate (non-US)
      • Personnel Announcements
      • Real Estate Transactions
      • Residential Real Estate
      • Small Business Services
      • Socially Responsible Investing
      • Surveys, Polls and Research
      • Trade Show News
      • View All General Business

  • Science & Tech
      • Consumer Technology

      • Artificial Intelligence
      • Blockchain
      • Cloud Computing/Internet of Things
      • Computer Electronics
      • Computer Hardware
      • Computer Software
      • Consumer Electronics
      • Cryptocurrency
      • Data Analytics
      • Electronic Commerce
      • Electronic Gaming
      • Financial Technology
      • Mobile Entertainment
      • Multimedia & Internet
      • Peripherals
      • Social Media
      • STEM (Science, Tech, Engineering, Math)
      • Supply Chain/Logistics
      • Wireless Communications
      • View All Consumer Technology

      • Energy & Natural Resources

      • Alternative Energies
      • Chemical
      • Electrical Utilities
      • Gas
      • General Manufacturing
      • Mining
      • Mining & Metals
      • Oil & Energy
      • Oil and Gas Discoveries
      • Utilities
      • Water Utilities
      • View All Energy & Natural Resources

      • Environ­ment

      • Conservation & Recycling
      • Environmental Issues
      • Environmental Policy
      • Environmental Products & Services
      • Green Technology
      • Natural Disasters
      • View All Environ­ment

      • Heavy Industry & Manufacturing

      • Aerospace & Defense
      • Agriculture
      • Chemical
      • Construction & Building
      • General Manufacturing
      • HVAC (Heating, Ventilation and Air-Conditioning)
      • Machinery
      • Machine Tools, Metalworking and Metallurgy
      • Mining
      • Mining & Metals
      • Paper, Forest Products & Containers
      • Precious Metals
      • Textiles
      • Tobacco
      • View All Heavy Industry & Manufacturing

      • Telecomm­unications

      • Carriers and Services
      • Mobile Entertainment
      • Networks
      • Peripherals
      • Telecommunications Equipment
      • Telecommunications Industry
      • VoIP (Voice over Internet Protocol)
      • Wireless Communications
      • View All Telecomm­unications

  • Lifestyle & Health
      • Consumer Products & Retail

      • Animals & Pets
      • Beers, Wines and Spirits
      • Beverages
      • Bridal Services
      • Cannabis
      • Cosmetics and Personal Care
      • Fashion
      • Food & Beverages
      • Furniture and Furnishings
      • Home Improvement
      • Household, Consumer & Cosmetics
      • Household Products
      • Jewelry
      • Non-Alcoholic Beverages
      • Office Products
      • Organic Food
      • Product Recalls
      • Restaurants
      • Retail
      • Supermarkets
      • Toys
      • View All Consumer Products & Retail

      • Entertain­ment & Media

      • Advertising
      • Art
      • Books
      • Entertainment
      • Film and Motion Picture
      • Magazines
      • Music
      • Publishing & Information Services
      • Radio & Podcast
      • Television
      • View All Entertain­ment & Media

      • Health

      • Biometrics
      • Biotechnology
      • Clinical Trials & Medical Discoveries
      • Dentistry
      • FDA Approval
      • Fitness/Wellness
      • Health Care & Hospitals
      • Health Insurance
      • Infection Control
      • International Medical Approval
      • Medical Equipment
      • Medical Pharmaceuticals
      • Mental Health
      • Pharmaceuticals
      • Supplementary Medicine
      • View All Health

      • Sports

      • General Sports
      • Outdoors, Camping & Hiking
      • Sporting Events
      • Sports Equipment & Accessories
      • View All Sports

      • Travel

      • Amusement Parks and Tourist Attractions
      • Gambling & Casinos
      • Hotels and Resorts
      • Leisure & Tourism
      • Outdoors, Camping & Hiking
      • Passenger Aviation
      • Travel Industry
      • View All Travel

  • Policy & Public Interest
      • Policy & Public Interest

      • Advocacy Group Opinion
      • Animal Welfare
      • Congressional & Presidential Campaigns
      • Corporate Social Responsibility
      • Domestic Policy
      • Economic News, Trends, Analysis
      • Education
      • Environmental
      • European Government
      • FDA Approval
      • Federal and State Legislation
      • Federal Executive Branch & Agency
      • Foreign Policy & International Affairs
      • Homeland Security
      • Labor & Union
      • Legal Issues
      • Natural Disasters
      • Not For Profit
      • Patent Law
      • Public Safety
      • Trade Policy
      • U.S. State Policy
      • View All Policy & Public Interest

  • People & Culture
      • People & Culture

      • Aboriginal, First Nations & Native American
      • African American
      • Asian American
      • Children
      • Diversity, Equity & Inclusion
      • Hispanic
      • Lesbian, Gay & Bisexual
      • Men's Interest
      • People with Disabilities
      • Religion
      • Senior Citizens
      • Veterans
      • Women
      • View All People & Culture

  • Hamburger menu
  • Cision PRWeb provides efficient communication tools to continuously engage with target audiences across multiple online channels
  • Create a Free Account
    • ALL CONTACT INFO
    • Contact Us


      11AM ET Sunday – 8PM ET Friday

  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • News in Focus
    • Browse All News
    • Multimedia Gallery
  • Business & Money
    • Auto & Transportation
    • Business Technology
    • Entertain­ment & Media
    • Financial Services & Investing
    • General Business
  • Science & Tech
    • Consumer Technology
    • Energy & Natural Resources
    • Environ­ment
    • Heavy Industry & Manufacturing
    • Telecomm­unications
  • Lifestyle & Health
    • Consumer Products & Retail
    • Entertain­ment & Media
    • Health
    • Sports
    • Travel
  • Policy & Public Interest
  • People & Culture
    • People & Culture
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR
  • Send a Release
  • Sign up
  • Log in
  • Resources
  • RSS
  • GDPR

In a Year Where Security is Paramount, Many Drop the Ball

Computer Economics, a service of Avasant Research, has released its major annual study on 34 IT management best practices, and one important category - IT security and risk management-is showing mixed results. This is a bad sign in 2020, considering the changing threat landscape and the ramifications of the pandemic. Many companies virtualized their IT organizations and shifted to work from home (WFH) environments early in 2020. When this happened, they dramatically extended the boundaries of their enterprise into insecure territory.


News provided by

Avasant

Oct 20, 2020, 08:00 ET

Share this article

Share toX

Share this article

Share toX

Figure 3: Top 5 Most Mature, % Practicing Formally and Consistently
Figure 3: Top 5 Most Mature, % Practicing Formally and Consistently

LOS ANGELES, Oct. 20, 2020 /PRNewswire-PRWeb/ -- Computer Economics, a service of Avasant Research, has released its major annual study on 34 IT management best practices, and one important category – IT security and risk management–is showing mixed results. This is a bad sign in 2020, considering the changing threat landscape and the ramifications of the pandemic. Many companies virtualized their IT organizations and shifted to work from home (WFH) environments early in 2020. When this happened, they dramatically extended the boundaries of their enterprise into insecure territory.

"Cyberattacks have surged at least 85% since March," said Tom Dunlap, director of research for Computer Economics, a service of Avasant Research, based in Los Angeles. "Data theft and ransomware are on the rise, aimed increasingly at the work-from-home crowd. Because of this new reality, it is shocking what our best practices survey revealed this year: Many security best practices are not applied consistently."

Cyberattacks have surged at least 85% since March

Post this

Figure 3 from our full study, IT Management Best Practices 2020-2021, shows that five IT security and risk management practices range in maturity from 41% to 46%. What do we mean by practice maturity? It means the percentage of respondents that apply a practice formally and consistently. Take encryption, for example, which has a 46% maturity rating. Forty-six percent of companies encrypt data consistently and with a formal plan. This means a whopping 54% of survey respondents do NOT encrypt data formally and consistently, which is alarming. This might mean they don't encrypt all of their data or perhaps they encrypt data at rest but not while it is moving. Or, there is no formal plan in place to be sure all critical data is encrypted. This is a security breach waiting to happen.

Or take security incident management—number two on our most mature list—with 44% saying they apply this best practice formally and consistently. But that means 56% of companies do not consistently and formally record, track, and resolve security incidents. The fact that 44% of organizations have a security incident management practice is expected, given corporate standards and WFH realities. But it is disappointing that 56% do not manage security incidents formally and consistently. Even more disappointing is that the maturity percentage (44%) is down from last year (51%). Perhaps this is one reason that we continue to see little progress against high-profile cyberattacks.

Third on the list is two-factor authentication (2FA), at 43%. Two-factor authentication is a security measure that provides an extra layer of protection to an account log-in. It was at 34% last year, so at least it's moving in the right direction. Still, the fact that 57% don't use 2FA formally and consistently is worrisome.

Penetration testing is fourth at 42%. A penetration test, often called a pen test, is a best practice that identifies security weaknesses. It was at 44% last year, so it's down a bit in 2020. Not to beat a dead horse, but the fact that 58% do not consistently and formally conduct pen tests is disappointing.

Rounding out the most-mature list is IT security compliance audits, at 41%. Periodically auditing users and IT staff to ensure that security and privacy policies are followed is one of the most important security measures an organization can take. What good is having security policies in place if no one is following them? It is disappointing that this maturity number is only 41%. It was practically the same last year, 42%.

Some of the 34 best practices are well-established disciplines and are widely accepted. Others are gaining traction among leading-edge organizations. Still other practices are being widely promoted by tools vendors and consultants but are only rarely adopted, and it remains uncertain whether they will endure. Our goal in this study is to provide IT executives with real-world data on how widely each practice is implemented, a basis for comparing their organizations with their peers, and a means of identifying emerging best practices.

This study is now in its 13th year. Each year, we ask IT organizations in our annual survey to what extent they have adopted a selected list of IT management best practices. Survey participants have five response choices:

  • No Activity: We are not practicing this discipline in any way.
  • Implementing: We are in process of implementing this best practice.
  • Practicing Informally: We do not have formal policies or procedures for this discipline, but we do practice it in an informal or ad-hoc manner.
  • Practicing Formally but Inconsistently: We have formal policies and procedures for this discipline, but we do not follow them consistently or to the extent that we should.
  • Practicing Formally and Consistently: We have formal policies and procedures for this discipline, and we follow them consistently. This is the maturity level.

The best practices in the study are as follows:

  • IT governance practices: IT strategic planning, IT steering committee, IT project portfolio management, project management office, IT change control board, organizational change management, and enterprise architecture.
  • IT financial management practices: IT personnel time tracking, service-based cost accounting, chargeback of IT costs, showback of IT costs, IT service catalog, and benchmarking IT spending levels.
  • IT operational management practices: Monitoring software licenses, IT Infrastructure Library (ITIL), IT asset management system, bring your own device, user-satisfaction surveying, and IT performance metrics.
  • IT security and risk management practices: IT security training, data classification and retention, two-factor authentication, IT security compliance audits, penetration testing, security incident management, encryption, disaster recovery planning, disaster recovery testing, and business continuity planning.
  • Application development practices: system development life cycle, agile development, software change management process, DevOps, website accessibility, and post-implementation audits.

The full study is designed to increase the awareness of IT leaders concerning what are the best practices in IT management, provide benchmarks against which an IT organization can compare its own adoption and practice level, and justify investments to improve an organization's IT management practices.

This Research Byte is a brief overview of our report on this subject, IT Management Best Practices 2020-2021. The full report is available at no charge for Avasant Research subscribers, or it may be purchased by non-subscribers directly from our website (click for pricing).

About Avasant:

Avasant is a leading management consulting firm focused on translating the power of technology into realizable business strategies for the world's largest corporations. Specializing in digital and IT transformation, sourcing advisory, global strategy, and governance services, Avasant prides itself on delivering high-value engagements through industry-focused innovation and flexible client-based solutions.

Our seasoned professionals have an average of 20 years of industry-honed expertise, having conducted 1000+ engagements in over 50 countries. Avasant's next generation consulting and advisory methods have made it the top-ranked firm in its class, with recognition from numerous organizations, including: Vault, NOA, IAOP, and Wall Street Journal.

Avasant's engagement in the global market has inspired a strong commitment to community and purpose. Avasant Foundation supports technology and skill development programs to create employment opportunities for youth across Africa, Asia, the Caribbean and Latin America.

For more information, visit https://www.avasant.com.

Follow news, photos and video on Twitter at http://www.twitter.com/avasant, Facebook at https://www.facebook.com/avasantllc, and LinkedIn at https://www.linkedin.com/company/avasant/.

SOURCE Avasant

Related Links

https://www.avasant.com

Modal title

Contact PRWeb

  • 11AM ET Sunday – 8PM ET Friday
  • Contact Us

About PRWeb

  • About PRWeb
  • Partners
  • Partnership Programs
  • Editorial Guidelines
  • Resources

Why PRWeb

  • Why PRWeb
  • How It Works
  • Who Uses It
  • Pricing

Accounts

  • Create a Free Account
  • Log in
  • Contact Us

Do not sell or share my personal information:

  • Submit via [email protected] 
  • Call Privacy toll-free: 877-297-8921

Contact Cision

Products

About

My Services
  • All News Releases
  • Online Member Center
  • ProfNet
Cision Distribution Helpline
888-776-0942
  • Legal
  • Site Map
  • RSS
  • Cookie Settings
Copyright © 2025 Cision US Inc.