A lack of IT risk management tools is exposing companies to greater risks than necessary, although help will arrive soon, according to one expert.
"IT risk is really difficult to quantify, because you don't have the experience today. There is also not enough data to calculate it or even how to do it," said Urs Fischer, vice president and head of IT governance and risk management at insurer SwissLife, at the recent European Computer Audit Control and Security Conference in Stockholm.
"Everyone at the conference is saying it's something you have to do," said Fischer, adding that when you ask them how to do it, no one has a good answer.
Good risk management can save money, according to Fischer. But wrong assessments can lead to increased costs and, quite simply, bad security.
IT risk management is also especially challenging because of the very fast-paced nature of security, he says.
But help is on the way — the IT Governance Institute, part of the group that organised the Stockholm conference, is developing a framework to simplify IT risk management.
"It will come out this year, and be freely available. It will show managers and IT people how they could approach IT risk management," said Fischer.