Mitigating IT Systemic Risk

This IDC Perspective discusses the IT landscape that is shifting in significant ways. Digital transformations are introducing new vendors, the inability to retire legacy systems is increasing tech debt, and the democratization of IT and sudden explosion of AI is expanding tech footprints with little governance and oversight. All of this adds to the complexity within the tech stack supporting the organization. Increased complexity leads to increased systemic risk. New single points of failure multiply within the enterprise, and attack vectors increase the cyber-risk. The failure of any single point within the tech stack can have an outsized impact on the operations of an organization; whether that failure is due to a cyberattack, failure of tech debt–ridden system, or human error ultimately doesn’t matter. Systemic risk is a significant concern for all organizations today and must be addressed by proactive CIOs, CISOs, and IT teams in general.Acknowledging and addressing systemic risk in IT and enterprise systems enable organizations to mitigate the likelihood and impact of major disruptions and maintain their operational resilience.“The rapidly evolving IT landscape, characterized by digital transformations, legacy system challenges, and the proliferation of AI, is significantly increasing complexity within organizational tech stacks,” says Dr. Ken Knapton, adjunct research advisor for IDC’s IT Executive Programs (IEP). “This complexity amplifies systemic risk, creating new single points of failure and expanding attack vectors, which can lead to outsized impacts on operations regardless of the cause. Proactive management of systemic risk by CIOs, CISOs, and IT teams is crucial for maintaining operational resilience and mitigating the potential for widespread disruptions in today’s interconnected enterprise environments.”