Gone are the days when budgetary constraints topped IT managers’ mind as the greatest hurdle in addressing IT-related business risk. According to ISACA’s 2012 IT Risk/Reward Barometer survey, nearly 90% of respondents from China and Hong Kong indicated that they plan to increase or maintain their staff levels for information security, IT risk management and IT assurance in 2013. Only 17% cited budget as a top hurdle to addressing risk, down substantially from 28% last year.

The 2012 IT Risk/Reward Barometer is a global survey based on an online polling of 4,512 IT professionals who are ISACA members, including 91 in Hong Kong and China.

This year, lack of management support (22%) replaces budget constraints as IT professionals’ biggest challenge in addressing IT-related business risk. This explains why 53% of the respondents thought the most important action is to increase risk awareness among employees at all levels, representing an 18-point jump from the previous year.

BYOD Under the Microscope

One area that was put under the IT professionals’ microscope in 2012 is the blurring line between personal and work devices. The survey shows that 44% of respondents believe the risk of “bring your own device” (BYOD), in which employees use their own devices for work, outweighs the benefit.

“Although IT professionals’ concern over the risk associated with BYOD is understandable, the usage of employees’ devices for work is a growing trend and it has its own merits,” said Simon Chan, president of the ISACA China/Hong Kong Chapter. “ISACA recently published Securing Mobile Devices With COBIT 5 to help enterprises deal with this challenging issue. By applying COBIT to mobile device security, enterprises can establish a uniform management framework and that helps them plan, implement and maintain comprehensive security for mobile devices. This will help enterprises reap the benefits of BYOD.”

The China/Hong Kong market also saw enterprises exert tighter control over work-supplied IT devices for personal use, according to the survey. Nearly seven in 10 organizations (69%) surveyed this year limit or prohibit the use of a work email address for personal online shopping or other non-work-related activities, representing a 19-point jump from last year. About 63% said they limit or prohibit using work-supplied devices for personal use, marking a 13-point increase from 2011. The control over the use of work devices for accessing social networking or daily deal sites has become tighter as well, with 64% respondents limiting or prohibiting such activities, up from 56% a year ago.

“The emphasis on information security and risk management is evidenced in the market’s growing interest in ISACA’s Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) certifications. The CRISC program has granted more than 16,000 certifications and become a globally respected and recognized program in just two years,” Chan said. “Meanwhile, CISM, now in its 10^th year, is also seeing continued growth.”

For information on CISM or CRISC, visit www.isaca.org/certification. For survey results, visit www.isaca.org/risk-reward-barometer.

About ISACA

With more than 100,000 constituents in 180 countries, ISACA^® (www.isaca.org) is a nonprofit, independent association that advances and attests IT skills and knowledge through the CISA, CISM, CGEIT and CRISC designations, and publishes the COBIT framework.

Follow ISACA on Twitter: https://twitter.com/ISACANews