I often find many of the high-level risks have repeated themselves on the projects I’ve worked on. However, the risk profile, risk appetite, detail of the risk, how it gets managed, mitigated and controlled varies massively.

IT teams and testers have been challenged by automated testing for decades now.  It seems to me that many organisations haven’t really cracked the nut yet with regards to functional automation and many (too many) automated testing efforts fail to meet their objectives, budget and stakeholders’ expectations. Expectations seem to be lower for load and performance testing. I’m not sure if this is because it’s perceived to be more difficult or the risk is perceived to be lower or both. Either way I don’t think that’s true, but that’s for another post. There isn’t much conversation happening yet about automated security testing - yet. I find this strange considering 47% of companies surveyed for this year’s World Quality Report said that enhancing security is part of their IT Strategy. The number of security breaches is increasing – the 2018 Cyber Security Breaches Survey shows 43% of businesses in the UK experienced a security breach in the past year.

If the Pentagon and the Whitehouse can both be hacked, then so can you. Now, please don’t think for a second that I think the members of the Pentagon and Whitehouse are in any way more intelligent or better than you (I’m convinced of quite the opposite – without even meeting you), but I am assuming they have pretty good cyber security.