Personal information a top concern for businesses


Securing personally identifiable information (PII) is a top concern facing business and technology executives this year.

Securing personally identifiable information (PII) is a top concern facing business and technology executives this year.


According to a survey of more than 3,100 professionals in more than 95 countries by ISACA who service more than 86,000 IT governance professionals worldwide, the top seven business issues (from a list of 21 options) impacted by technology were:


1 - Regulatory compliance, specifically protecting PII and implementing transaction monitoring

2 - Enterprise-based management and IT governance

3 - Information security management

4 - Disaster recovery/business continuity

5 - IT value management

6 - Challenges of managing IT risks

7 - Compliance with financial reporting


The survey was conducted online and was open to professionals around the world with respondents broken down from North America (37 per cent), Europe/Africa (32 per cent), Asia (22 per cent), Central/South America (five per cent) and Oceania (four per cent).


Enterprises continue to make increasingly large-scale investments in IT and IT-enabled change, making it even more challenging to ensure compliance with the growing number of international regulations across all industries. According to the survey, this effort is made less difficult when technology is viewed as an integral part of the business.


Greg Grocholski, chair of ISACA's Assurance Committee and senior finance director at Dow Chemical, said: “The cost of losing or compromising the integrity of PII is also leading to a renewed focus on information security. The survey shows that 81 per cent of the 1,600 respondents who named information security management as a number three concern said that security risks are not fully known or are only partially assessed using technology.”


Anthony Noble, member of the ISACA Assurance Committee and vice president of IT audit at Viacom, said: “Keeping on top of legislative and regulatory requirements is a critical responsibility made more difficult because compliance-efforts are still operating in ‘project' mode and have not yet been embedded into business processes. IT projects still lack alignment with business objectives at many organisations, and as a result, they are unable to realise business benefits.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews