Press Release

 It May Be Riskier to Ignore Big Data Than Implement It, Says New ISACA White Paper 

Free guide outlines three challenges preventing organizations from realizing big data gains

Rolling Meadows, IL, USA (21January 2014)—Enterprises that choose to avoid using big data analytics techniques because of the possible dangers, such as security and privacy breaches, may be creating risk of another type, says a new white paper from global nonprofit IT association ISACA. “Generating Value From Big Data Analytics” encourages information technology professionals to look at big data holistically, taking into account the cost of inaction.

The white paper points out that understanding the business case is just as important as understanding the technology and compliance risk. Enterprises need to understand the business rationale for adoption, the anticipated return on investment and the impact if the enterprise chooses not to adopt while its competitors do.

“There are risks inherent in implementing big data, such as ensuring privacy laws are not breached. But the risk of inaction may be far greater, with a company being left behind as its competitors embrace the technique to leap ahead,” said Norman Marks, member of ISACA’s Emerging Business and Technology Committee, which developed the white paper. “The insights obtained into customer needs and buying patterns, the reputation the company holds in the marketplace and the emergence of new risks can help the organization make dramatic advances by adapting its strategies for success. In addition, big data enables significant improvements in the ability to manage risk and ensure compliance, with one example being the ability of banks to monitor transactions and identify suspected money laundering.”

Many professionals are open to seeing value in analytics. According to ISACA’s 2013 IT Risk/Reward Barometer, a global indicator of trust in information, close to half (46%) of the 2,013 business and IT professionals polled say that big data has the potential to add or has already added value to their organization. Yet only 22% feel adequately prepared to provide governance and manage privacy effectively.

The new ISACA white paper provides detailed guidance on understanding the business case for big data, summarizing case studies that show how increased competitiveness and transformative results are achieved through imaginative uses of preexisting data. The retail and healthcare industries are particularly fertile grounds for a business case justifying the use of big data analytics, notes the paper, due to the sheer volumes of already-collected data that can be further leveraged through sophisticated analytics.

“Generating Value from Big Data Analytics” can be downloaded free of charge at

Obstacles to Success: Skills Gap, Internal Silos, “Shadow IT”

The paper also outlines the challenges that may hinder the ability to realize gains from big data projects. Most enterprises do not currently have specialized analytics skills in-house, and these personnel are expected to continue to be hard to find and expensive to maintain in the short-to-intermediate term. In fact, the 2013 Risk/Reward Barometer found that lack of analytics capabilities or skills was the second most frequently cited obstacle to big data, chosen by 22% of respondents.

Another challenge is enterprise silos, especially at enterprises with a history of competitiveness, antagonism or resistance to outside influence, which will make them less willing to share information or act on information they receive. Similarly, the trend of “Shadow IT”—technology adopted without the IT department’s approval or awareness—may result in large volumes of hidden data that get missed by big data projects planned centrally.

“Before enterprises go ahead with any significant investments in big data analytics, they need to take a candid and realistic assessment of organizational culture and structure. If knowledge is power, then big data can equal big power,” noted Robert Stroud, CGEIT, CRISC, member of ISACA’s Professional Influence and Advisory Committee and vice president of strategy, innovation and service management at CA Technologies.

ISACA provides a variety of guidance—much of it free of charge—to help business and IT leaders understand governance and risk considerations surrounding big data. Visit and click on the Big Data topic for relevant discussions, links and resources.


With more than 110,000 constituents in 180 countries, ISACA ( helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. ISACA also developed and continually updates COBIT, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook:


Kristen Kessinger, ISACA, +1.847.660.5512,