Ernst & Young: Companies wake up to privacy and data protection
Organisations increasingly recognise information security as a driver of business improvement, new research shows.
Ernst &Young's 9th Annual Global Information Security Survey sought the views of 1,200 information security professionals in both public and private sector organisations in 48 countries.
According to the research, over three quarters of respondents cited privacy and data protection as a significant issue that requires further investment - for the first time in the study's nine year history. Those surveyed said that they have and would continue to invest most of their time, money and resources into formalising procedures for the capturing, storage and sharing of data.
There is increasing evidence that driving this change is publicity that businesses have received from high profile cases of information security breaches, where customer data is stolen and used by criminals.
"This intensifying pressure from the consumer to address privacy has forced companies to re-evaluate their data risk practices and procedures, particularly in the financial services sector."
The report also found that while many organisations are starting to recognise the importance of privacy and data protection, they are still failing to manage third party risk, despite several cases of consumer data stolen from customer service outsourcing companies. Approximately 55 per cent of corporations admitted to having no formal agreements in place with third party suppliers for the second year running.
Brown said: "In the last two years there has been little or no effort by organisations to address the risks associated with sharing data with a third party. A security breach in a third party partner could be enough to bring an organisation down and many more businesses will get burnt if this does not get better."
The research also reveals that compliance remains the top driver impacting information security practices, with 80 per cent of respondents saying work undertaken to achieve regulatory compliance has improved the organisation's information security.
Furthermore, over half of those surveyed believe the three most popular new technologies - remote computing, removable media and wireless networks - pose the greatest risk to information security.
According to Brown there are many challenges ahead for businesses and IT professionals. "Information security is not just about tackling computer crime it is about mitigating the risks to your business, investors, customers and other stakeholders," he said."There are strong challenges ahead for business and IT leaders in managing information security, as supply chains become increasingly complex, people and technology more mobile and businesses integrate outsourcing and third parties further into their business models," he added.