Most disturbing was the fact that over 80 percent of surveyed companies rated complying with corporate policies and procedures ahead of enabling strategic initiatives and service or product launch and delivery.

The survey also found that, due to globalization, organizations no longer have their own IS risks to deal with.

"Business boundaries are crumbling," says Nel, "and IS goes further than just securing one's own business. Finally protecting customers is an issue for attention."

However, with growing international interdependency, many organizations are still not paying adequate attention to vendor risk management. Two fifths of respondents to the survey either had no formal, or informal, process in place to assess vendor risk.

But the weak links are everywhere, Nel says, with resourcing playing a major part in organizations' inability to adopt to IS standards and become certified in them.