Archived Reports

Do you think spending on security is a necessary evil? The money could be spent instead on gaining new customers, retaining more existing customers, reducing the time it takes to deliver a new product to market, or reducing the cost of goods sold. So why do organizations spend money on security? For senior managers it’s… more »

What will you be using for a PC in 2015 or in 2020? In this provocative report on the relationship between mobility and PCs, Wellington Research presents the research and prognostications covering trends covering tablet computers, smartphones, laptops and PCs to analyze the evolution of the future PC. Purveyors of the leading PC form-factor of… more »

What sets the leaders apart from 9-in-10 other firms when it comes to managing risk related to the uses of IT? Its’ not technology and it’s not complex mathematics in calculating risk scores. Instead, what sets the leaders apart from all others are a number of practices, including: – Senior business leaders who own the… more »

For some, managing IT has become a full-time job of managing vendor-delivered IT services. But for others, managing vendors that deliver information or IT resources is just a small part of what needs to be done. The early-stages of IT outsourcing – discrete in its focus and limited in extent – has evolved to include:… more »

Are you always being asked to do more with less resources, time and budgets for IT and information security? Learn from the best performers who always have more resources, time and budgets for IT and information security, and who consistently report and communicate on the business impacts of IT.

Is the use of Smartphones good for business? The answers are yes and no. Explore some of the compelling benefits, risks, and what the best-in-class are doing to manage both. And, find out why some are avoiding certain mobile devices and why.

Explore the benefits and risks of Cloud Computing in this latest research report, and learn about best practices from the best – and worst – performing organizations.

A new research report issued by the IT Policy Compliance Group offers a wake-up call and recommendations about IT to anyone competing with the highest performers in their industry.

Ever wonder why — and more importantly how —just 1-in-10 organizations are able to leverage IT for competitive advantage?

What color is your information risk — today? Due in large part to a paucity of insight into the priority of information and sometimes barely adequate IT controls; most organizations cannot answer this simple question except once every four-to-six months. For some organizations, the answer to this question takes even longer, if it is ever answered.

Organizations that automate vulnerability management to find and fix vulnerabilities and unknown exploits in IT systems gain significant advantages according to the latest IT PCG research report. Entitled, “Why Automating Vulnerability Management Pays,” the report details how regular vulnerability management procedures can

Some organizations are able to minimize the impact of business downtime caused by information security problems and deficiencies, and achieve the fewest incidents of loss or theft of sensitive information. But, according to IT-PCG research, only one in ten organizations attain these kinds of results.

New benchmark research suggests that organizations with CISOs managing the information security function experience fewer problems with data theft and loss, less business downtime from failures/disruptions in IT, and much less difficulties with regulatory audits.

The latest benchmark research report from the IT Policy Compliance Group identifies the practices and guidance for information security and IT audit that are most responsible for the lowest rates of data theft and loss, the highest service-levels, and the least problems with audit.

New research findings show that the loss-tolerance for most organizations is exceedingly low, while the financial returns for small improvements in information security are extraordinarily high. Incremental increases for funding best practices, for example, are responsible for financial returns ranging from 200 percent to more than 100,000 percent for the average organization.

According to the IT-PCG latest research report entitled “Improving Results for Legal Custody of Information,” spending on legal data custody for legal settlements, legal expenses, and costs in IT to find, produce, protect, preserve information is between 75 and 94 percent lower for firms with the best practices.

Primary benchmark research shows that the way to improve business results and reduce financial risk, loss and expense is to increase or enhance the competencies, practices and capabilities governing the use and disposition of IT resources.

This report, incorporating responses from more than 450 organizations globally, reveals that only one in ten organizations is in the enviable position of adequately protecting their sensitive data. The report also analyzes the variables between those companies that are leaders and laggards in the area of data protection, providing insight into which actions and best practices can lead to less data loss, improved compliance results and sustained competitive advantage.

The IT Policy Compliance Group has released its latest research report entitled “Why Compliance Pays: Reputations and Revenues at Risk.” The report indicates the amount of money spent on compliance and data protection is a very small percentage of the financial value that is at risk. With returns on investment in compliance measures for larger enterprises starting at 1,000 percent and improving to 100,000 percent, good compliance pays for itself.

In one form or another, human error is the overwhelming cause of sensitive data loss, responsible for 75 percent of all occurrences. User error is directly responsible for one in every two cases (50 percent) while violations of policy – intended, accidental and inadvertent – is responsible for one in every four cases (25 percent). Malicious activity in the form of Internet-based threats, attacks and hacks is responsible for one in every five occurrences.

Is spending on IT security related to IT compliance results? This report highlights benchmark results covering spending as a percentage of the IT budget, by revenue, assets under management, by agency budget, and how spend allocation influences compliance results. The full report will be available in early December.

Is your organization a leader or laggard for IT compliance? This benchmark research report highlights the performance results of 671 organizations, their deficiencies, and the actions the organizations took to improve results. Find out what the critical success factors for IT compliance are, based on actual experience across these organizations.

Not surprisingly, the vast majority of midsize organizations (revenues between $50 to $999 million) are performing at norm. However, there are some striking difference in performance results, as well as actions that are being taken by midsize organizations of all sizes to improve results, from the smallest to the largest. Find out how your midsize organization compares and what steps to take to improve results.

Acting as a “hidden tax on profits,” IT resources are being dedicated to IT compliance audit. Unfortunately for some, there is not much improvement to show for the spending. The labor-intensive nature of demonstrating compliance in IT is multiplied by the number of regulatory mandates requiring policies, controls and evidence to be demonstrated. Find out how multiple regulations are impacting other organizations and what some firms are doing to improve results while lowering costs to achieve compliance.

Is compliance having an impact on internal controls and IT security? This research report uncovers what other firms are doing to realign resources and functions to better address compliance, controls that are being under- and over- measured, as well as some of the regulations driving organizational change. Find out how your organizational structure and strategy compare with the rest of the industry.