Research
Numbers: More Executives Say Information Security Can Improve Efficiencies, Drive Business Results
By Katherine Walsh
December 21, 2007
—
CSO
—
Ernst & Young’s 10th annual Global Information Security Survey shows promising evidence that a growing number of organizations believe information security can improve overall corporate performance, as well as protect corporate assets.
However the survey, which canvassed 1,300 senior executives in more than 50 countries, also shows that companies are struggling to strike a balance between performance initiatives and risk mitigation strategies.
According to the study, “Information security teams must connect with executive management and be involved with the strategic decision-making process from the beginning. This alignment has a positive impact on the bottom line and elevates information security from a technology deployment function to a strategic imperative.”
Key findings:
* Eighty-two percent of respondents reported some level of information security integration with overall organizational risk management, and 29 percent report full integration.
* Sixty-nine percent of respondents said that information security improves IT and operational efficiencies. (In the past, information security has been viewed as a barrier to IT and operational efficiency.)
* Fifty-eight percent of this year’s respondents said privacy and data protection are the second and third most important drivers behind infosec improvements, up from 41 percent in 2006.
* Although 64 percent of respondents ranked compliance as the primary driver of improvements to information security, 45 percent ranked meeting business objectives among the top drivers.
However, information security is still too isolated from executive management and the strategic decision-making process. Thirty-two percent of respondents rarely meet with their board or audit committee. While involvement is increasing, it continues at a slow pace.
More than 50 percent of respondents say that the number one challenge to delivering information security projects is a lack of experienced resources. To that end, 60 percent say they are outsourcing certain aspects of information security.
Associate Staff Writer Katherine Walsh can be reached at kwalsh@cxo.com.
--
The comment field below does not work. Please send your feedback directly to the author.
Other stories by Katherine Walsh
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Discover whether hosting is your smartest choice for enterprise messaging.
To host or not to host? Thats the question for many CIOs as the volume and complexity of enterprise messaging continues to skyrocket.
- Guide: 5 Steps to Secure Outsourced Application Development
- How to Offer the Strongest SSL Encryption
- Enterprise Management Associates: Taking the Botnet Threat Seriously
- Fact or Fiction Security Survival Guide: Clearing up Misconceptions, Myths and Mistruths about Security
- A Guide to Providing Proactive Protection to Consumer Online Transactions
- Get on the right path with best practices in business communications.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Business Continuity & Risk Management Forum
-
July 15 - 16, 2008New York MarriottRegister now »
at the Brooklyn Bridge
Reference priority code ONLINE and save $300 off the full registration price — attend the program for $395
