Businesses must properly manage IT risks or face heavy damage to their strategic plans and their reputation, analysts have warned at Gartner's IT Security Summit in London.
Many companies are failing to adjust their IT decision-making and risk management processes, Gartner said, despite the smooth running of IT becoming ever more integral to business success.
Gartner vice president Richard Hunter said: "IT risk has changed. Incidents now harm constituencies within and outside companies. They damage corporate reputations and expose weaknesses in management teams.
"Most importantly, uncontrolled IT risk dampens an organization's ability to compete."
Four strategic areas were identified by Gartner as most likely to be affected by poor risk management: the availability of IT systems and processes; control of access to IT systems; the accuracy of data pulled from IT systems; and the agility of IT systems to adapt quickly following company acquisitions or product launches.
Hunter said it would be impossible to eliminate IT risk but said that careful trade-offs between risk and return were needed.
But it should not be entirely up to IT departments to handle these risks, he added: "IT risk must be understood in terms of its potential to affect all of the company objectives that are enabled by IT."