Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

Awareness of information security threats growing; but organizations struggle to manage the risks

In an era when cyber security threats are more common than ever, organizations continue to struggle to manage data securely, prepare for potential crisis scenarios, and defend against hacking and other cyber threats, according to findings from the 2014 IT Security and Privacy Survey conducted by global consulting firm Protiviti.

"Our survey results tell a story of gaps between where companies currently stand and where they should be in relation to fundamental elements of IT security. Some progress has been made since our last survey, yet many organizations still fall short of important standard protocols for IT security and privacy," said Cal Slemp, managing director with Protiviti and global leader of the firm's IT security and privacy practice. "Companies need to take more action in relation to the risks they recognize to better protect their crucial data."

Key survey findings

The overarching findings from this year's results are tied predominantly to five major themes that suggest companies still need to make further improvements to their IT security and privacy practices.

Organizations lack high confidence in their ability to prevent a cyber attack or data breach. While executive management has a higher level of awareness when it comes to the organization's information security exposures, lower confidence levels among IT executives and professionals in preventing an attack or breach likely speak to the creativity of cyber-attackers and the inevitability of a breach – and the need for strong incident response planning and execution.

Companies are not properly preparing for crisis scenarios. There is a significant year-over-year jump in the number of organizations without a formal and documented crisis response plan to execute in the event of a data breach or cyber attack.

There is a correlation between board engagement and stronger IT security profiles. Nearly three out of four boards have a good level of understanding about the organization's information security risks, according to survey results. Organizations whose boards are concerned with how the organization is addressing its risks have significantly stronger IT security profiles. On the other hand, one in five boards appears to have a low level of engagement in how the company is addressing information security risks.

Companies do not have proper ‘core’ data policies. One in three companies does not have a written information security policy. More than 40 percent lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and they carry considerable legal implications.

Not all data is equal. The percentage of organizations that retain all data and records has more than doubled – not necessarily a positive development. In addition, a relatively large number of organizations do not prioritize data that is processed and governed with a data classification schema. Even fewer companies appear to prioritize data that is highly regulated, including PCI (payment card industry) and healthcare-related information.

Some positive results

The survey shows that CIOs and CSOs are more engaged in taking on the primary responsibility for security policies than in prior years. Also, companies are becoming more aware of their data lifecycle – where and how long their data is stored. Of note, only a small number of organizations are moving their sensitive data into the cloud despite news stories and industry conjecture to the contrary.

The third edition of Protiviti's IT Security and Privacy Survey gathered insights from more than 340 CIOs, CSOs, IT directors, managers and IT auditors at companies with gross annual revenues ranging from less than $100 million to greater than $20 billion. The complimentary survey report is available at: www.protiviti.com/ITsecuritysurvey

• Date: 16th September 2014 • World • Type: Article • Topic: ISM
