When it comes to managing business risks from the use of IT, some organizations experience the lowest rates of data loss or theft, the least business downtime from disruptions in IT and the fewest problems with regulatory audit in IT. These organizations also spend the most on improving information security best practices when compared with all others.

Despite spending almost the same amount on information security, other organizations are not getting similar results. Research shows that those organizations exhibiting the most data loss or theft, the highest levels of business downtime and the most problems with regulatory audit in IT, are not benefiting from their spending on information security for several reasons.

This report provides detailed descriptions of:

• The principal business risks from the use of IT
• How spending is influencing outcomes and financial risks
• The connection between information security and audit
• Which, if any industry, is doing better than others
• Financial losses being experienced
• Financial returns above self-sustained losses
• How much money can be saved on audit annually
• Which practices are actually reducing risk and financial loss from the use of IT