The majority of organisations anticipate major information loss and compliance failures, a new report from security vendor Symantec has found.

The first IT Management Report, published this week at the RSA security conference also found shortcomings in areas that can have a negative impact in overall IT risk management.

A huge 66 % expected a major regulatory incident at least once every five years, while 58 % of the 500 IT professionals questioned in the global survey said they would suffer a major data loss at least once every five years. A further 60 % expect a major IT incident at least once a year, indicating they were more effective in implementing technology controls than process controls, said the report.

It also said best-in-class organisations perceive higher risk levels but experience fewer IT incidents. They were more effective at implementing the entire range of controls.

“Over the past decade, IT systems have become critical to every aspect of business resulting in a level of dependence on IT not seen in the past,” said the report. “As a result, IT risk, once a minor component of operational risk, is emerging as a major hazard for organisations to identify and manage.”

Symantec quantifies IT risk in its five-step management process that includes security, availability, performance and compliance elements and their capacity to affect IT systems.