Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


Information security: fundamental change required

Organizations need to fundamentally shift their approach to information security in order to meet the threats presented by existing and emerging technologies, according to Ernst & Young’s 15th Global Information Security Survey 2012. The report is one of the most comprehensive surveys in its field and is based on responses from over 1,850 CIOs, CISOs and other information security executives in 64 countries.

With 88 percent of respondents experiencing a higher number of security incidents in the last two years and 77 percent using the cloud, the need to develop a robust security architecture framework has never been greater. However, 64 percent of organizations have no such framework in place and almost half of respondents (45 percent) admit to only discussing information security issues once a year with their boards.

A lack of specialist skills is cited as the main symptom that forces organizations (57 percent) to focus on implementing improvements to their information security capabilities that provide only short-term solutions, instead of tackling the issues associated with the overall threat.

Information security continues to be IT-led within many organizations, with 61 percent of respondents in the UK indicating that their companies have placed the responsibility for information security in the hands of the IT function.

However, as information security begins to spread beyond traditional IT issues, decisions are now needed around selecting the right tools, processes and methods for monitoring threats, gauging performance and identifying coverage gaps. In addition, a reappraisal of responsibilities is required.

Only 11 percent of respondents report discussing information security topics at each board meeting.

When it comes to the extent to which the information security function meets an organization’s needs, only 15 percent of UK corporates state that it does so fully. The main reason cited is the lack of skilled resources - 57 percent this year compared to 23 percent in 2011.

Threat level continues to rise
Organizations recognise that the risk environment is changing as the frequency and nature of information security threats increase and the number of security incidents rises. The vast majority (88 percent) of respondents agreed that there is an increasing risk from external attacks, but over half (61 percent) name budget constraints as the main obstacle to their company’s information security strategy.

The unstoppable march of new technology
New technologies are opening up tremendous opportunities for organizations, but also potential threats from previously unknown sources. Cloud computing continues to be one of the main drivers of business model innovation, with the number of organizations using the cloud globally almost doubling in the last two years. However, 20 percent of organizations in the UK have not taken any measures to mitigate the risks, such as stronger oversight on the contract management process for cloud providers or the use of encryption techniques.


• Date: 30th Oct 2012 • UK • Type: Article • Topic: ISM
