Numbers: More Executives Say Information Security Can Improve Efficiencies, Drive Business Results
New research from Ernst & Young indicates that companies are having trouble balancing the traditional risk mitigation aspect of information security with its role in improving business performance.
By Katherine Walsh
December 21, 2007
—
CSO
—
Ernst & Young’s 10th annual Global Information Security Survey shows promising evidence that a growing number of organizations believe information security can improve overall corporate performance, as well as protect corporate assets.
However the survey, which canvassed 1,300 senior executives in more than 50 countries, also shows that companies are struggling to strike a balance between performance initiatives and risk mitigation strategies.
According to the study, “Information security teams must connect with executive management and be involved with the strategic decision-making process from the beginning. This alignment has a positive impact on the bottom line and elevates information security from a technology deployment function to a strategic imperative.”
Key findings:
* Eighty-two percent of respondents reported some level of information security integration with overall organizational risk management, and 29 percent report full integration.
* Sixty-nine percent of respondents said that information security improves IT and operational efficiencies. (In the past, information security has been viewed as a barrier to IT and operational efficiency.)
* Fifty-eight percent of this year’s respondents said privacy and data protection are the second and third most important drivers behind infosec improvements, up from 41 percent in 2006.
* Although 64 percent of respondents ranked compliance as the primary driver of improvements to information security, 45 percent ranked meeting business objectives among the top drivers.
However, information security is still too isolated from executive management and the strategic decision-making process. Thirty-two percent of respondents rarely meet with their board or audit committee. While involvement is increasing, it continues at a slow pace.
More than 50 percent of respondents say that the number one challenge to delivering information security projects is a lack of experienced resources. To that end, 60 percent say they are outsourcing certain aspects of information security.
Associate Staff Writer Katherine Walsh can be reached at kwalsh@cxo.com.
--
The comment field below does not work. Please send your feedback directly to the author.
Read more about data protection in CSOonline's Data Protection section.
Other stories by Katherine Walsh
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Your RSA, BSidesSF survival guide for 2012
Last year I wrote a column on how to get the most out of RSA and Security B-Sides without getting eaten alive by all the flash around you.
read more - Patch Tuesday preview, February 2012
- M86 report proves water is wet
More Salted Hash with Bill Brenner
