Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

14th Annual Global Information Security Survey: Companies rush to adopt new technologies leaving security threats as an after-thought

In the rush to ‘digitise’ their businesses with new technologies and move into the increasingly borderless world of cloud computing and social media, organizations are developing a growing gap between business needs and the ability to tackle new and complex security threats, according to Ernst & Young’s 14th Annual Global Information Security Survey, released this week.

The survey of 1,700 organizations globally found that 72 percent of respondents are seeing an increasing level of risk due to the significant growth in external threats, such as hacking and data theft. At the same time, however, only about a third of respondents have updated their information security strategy in the past 12 months.

With 61 percent of organizations using or considering the use of cloud computing services within the next year, a growth of 16 percent year-on-year, the threat of security breaches has become an after-thought in the rush to adapt to the rapidly changing landscape.

59 percent of respondents plan on increasing their information security budgets in the coming 12 months, however, only 48 percent believe that information security strategies adequately address risk and only 51 percent have documented strategies in place.

An increasing number of organizations are offering support for employee-owned devices. With 46 percent of respondents stating that there are increased risks due to internal vulnerabilities, it is critical that organizations are aware of the risks posed by ‘bring your own devices’ and other similar policies.

Building trust in the cloud
Respondents named cloud computing as their top information security funding priority for the coming 12 months. Despite the compelling story for cloud adoption, many organizations are still unclear of the implications of cloud and are increasing their efforts to better understand the impact of its adoption and the risks.

48 percent of respondents listed the implementation of cloud computing as a difficult or very difficult challenge, and more than half have not implemented any controls to mitigate the risks associated with cloud computing. The most frequently taken measure is stronger oversight on the contract management process with cloud providers, but even this is only done by 20 percent of respondents, indicating a high and possibly misguided level of trust.

Board level?
The survey shows that only 12 percent of respondents are presenting information security topics at each board meeting.

Rather more worrying is less than half (49 percent) of survey respondents stated that their information security function is meeting the needs of the organization. Specifically in the UK, the main reason cited by respondents for this is a lack of skilled resources (23 percent in the UK, compared to 13 percent globally). With this level of risk posed to companies’ reputations and operations, business leaders need to take action.

Social media
Most respondents (72 percent) claimed that external malicious attacks were their top risk. These attacks may be fuelled by information obtained through the use of social media that was used to send targeted phishing messages to specific individuals.

To help address potential risks posed by social media, organizations seem to be adopting a hard-line response. More than half (53 percent) have responded by blocking access to sites rather than embracing the change and adopting enterprise-wide measures.


•Date: 2nd November 2011 • Region: World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here