Ernst & Young: Companies wake up to privacy and data protection

Organisations increasingly recognise information security as a driver of business improvement, new research shows.

Ernst &Young's 9th Annual Global Information Security Survey sought the views of 1,200 information security professionals in both public and private sector organisations in 48 countries.

According to the research, over three quarters of respondents cited privacy and data protection as a significant issue that requires further investment - for the first time in the study's nine year history. Those surveyed said that they have and would continue to invest most of their time, money and resources into formalising procedures for the capturing, storage and sharing of data.

There is increasing evidence that driving this change is publicity that businesses have received from high profile cases of information security breaches, where customer data is stolen and used by criminals.

Richard Brown, Head of Technology and Security Risk Services at Ernst & Young said: "Businesses are only just waking up to the dangers of having little or no privacy policy in place for managing sensitive data. The tipping point appears to be growing consumer concern and awareness - identity theft, loss of personal data, phishing attacks and other data infringements are no longer things you just hear about, they have probably happened to someone you know.

"This intensifying pressure from the consumer to address privacy has forced companies to re-evaluate their data risk practices and procedures, particularly in the financial services sector."

The report also found that while many organisations are starting to recognise the importance of privacy and data protection, they are still failing to manage third party risk, despite several cases of consumer data stolen from customer service outsourcing companies. Approximately 55 per cent of corporations admitted to having no formal agreements in place with third party suppliers for the second year running.

Brown said: "In the last two years there has been little or no effort by organisations to address the risks associated with sharing data with a third party. A security breach in a third party partner could be enough to bring an organisation down and many more businesses will get burnt if this does not get better."

The research also reveals that compliance remains the top driver impacting information security practices, with 80 per cent of respondents saying work undertaken to achieve regulatory compliance has improved the organisation's information security.

Furthermore, over half of those surveyed believe the three most popular new technologies - remote computing, removable media and wireless networks - pose the greatest risk to information security.

According to Brown there are many challenges ahead for businesses and IT professionals. "Information security is not just about tackling computer crime it is about mitigating the risks to your business, investors, customers and other stakeholders," he said.

"There are strong challenges ahead for business and IT leaders in managing information security, as supply chains become increasingly complex, people and technology more mobile and businesses integrate outsourcing and third parties further into their business models," he added.

Sign up to our newsletters