As more corporations report a higher number of thwarted cyber attacks, which are also rising in severity, the growing fear of security breaches may be affecting decision makers' ability to mitigate further risks, according to Gartner.
A new study from the technology research firm found that although the high publicity of cyber attacks has certainly raised awareness of the importance of a security audit and similar functions, it's also leading to fear. In turn, CIOs are shifting away from enterprise risk management and risk-based information security and toward technical security.
Gartner attributed this shift to what it calls fear, uncertainty and doubt (FUD), which it warned can prompt IT leaders to make rash decisions based on emotions rather than strategy.
"While the shift to strengthening technical security controls is not surprising given the hype around cyberattacks and data security breaches, strong risk-based disciplines such as enterprise risk management or risk-based information security are rooted in proactive, data-driven decision making," said John A. Wheeler, research director at Gartner.
The research firm did point out that these reactionary decisions can often lead to short-term benefits, especially when IT security budgets have traditionally been constrained during rough economic times. However, the savings these short-term solutions yield likely won't last beyond a couple of years, the group warned.
It recommended that companies undertake in-depth assessments that will help them better understand the current level of maturity of their IT risk management programs, then decide on new goals for cyber security.
Considering only 53 per cent of respondents to a recent Gartner survey said they use a formal IT risk management program to develop security roadmaps, it may be beneficial for these groups to look into penetration testing and other advanced vulnerability management tools.