Global not-for-profit IT association ISACA today released findings from its 2012 IT Risk/Reward Barometer survey. Respondents in Australia and New Zealand report a growing acceptance of “bring your own device” (BYOD) in the workplace, while also acknowledging that they believe the risk still outweighs the benefit.

The IT Risk/Reward Barometer surveyed more than 4,500 IT professionals worldwide about the risks and rewards associated with BYOD and cloud computing, among other topics. When it comes to BYOD, companies in Oceania and Africa tend to allow employees to use their own device for work purposes more than companies in other regions do. In fact, nearly half of responding enterprises in Oceania allow it (48%), while only 28% of European companies do.

Only 22% of respondents in Australia and New Zealand say the benefits—including increased productivity and efficiency and cost reduction—outweigh the risk, while 47% still believe that the risk is greater. Yet despite the dangers, 32% of enterprises still do not have a security policy in place for BYOD.

To help control BYOD risk, enterprises in Australia and New Zealand report having the following security controls in place:

• Password management system (48%)
• Remote wipe capability (40%)
• Encryption (37%)

Nearly 70% of enterprises in Australia and New Zealand allow employees to access social networking sites from a work device, and 72% allow employees to shop online using a work-supplied device.

However, IT professionals report that the following employee activities pose a high risk to the enterprise:

• Storing work passwords on a personal device (78%)
• Losing a work-supplied computer or smart phone (67%)
• Using an online file-sharing service for work documents (63%)
• Downloading personal files onto a work-supplied device (51%)

“Enterprises in Oceania seem to understand and accept that employees are increasingly using their own devices for work and personal activities,” said Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP, director of ISACA and director of information security at BRM Holdich. “However, controls need to be in place that include clearly communicated policies and ongoing education that trains employees to help protect both the enterprise and the employees.”

ISACA, a not-for-profit association serving 100,000 IT professionals in 180 countries, provides resources to help enterprises address this challenging issue.

“ISACA recently published Securing Mobile Devices With COBIT 5 to help enterprises address mobile device security, including BYOD,” said Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, international vice president of ISACA. “By applying the COBIT framework to mobile device security, enterprises can better plan, implement and maintain comprehensive security for these devices.”

Full survey results are at www.isaca.org/risk-reward-barometer. COBIT 5 is at www.isaca.org/cobit.

About the IT Risk/Reward Barometer

The annual IT Risk/Reward Barometer helps gauge attitudes and organizational behaviors related to the risk and reward associated with the blurring boundaries between personal and work devices (BYOD), cloud computing, and increased enterprise risk related to online employee behavior. It is based on September 2012 online polling of 4,512 ISACA members from 83 countries, including 173 members in Oceania.

About ISACA

With 100,000 constituents in 180 countries, ISACA^® (www.isaca.org) is a leading global association for information systems assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. It offers the CISA^®, CISM^®, CGEIT^® and CRISC^® designations and the COBIT^® framework.

Follow ISACA on Twitter: https://twitter.com/ISACANews