The Fortune 500’s Digital Security Efforts Still Lag

In April, Ernst & Young conducted a survey of 91 Fortune 500 companies to determine their strength and the extent of their digital security programs. The survey found that few companies had security technology and policy in place that amounted to “world class” digital security. The survey polled executives and senior managers from companies in sectors including technology and media, financial services, automotive energy, and telecommunications. The companies ranged in size from fewer than 10,000 employees to more than 250,000. Ernst & Young examined the companies’ intrusion and virus detection capabilities, incident response plans, policies, standards and guidelines, and vulnerability management programs.

The telecom industry (scoring 58 out of a possible 75 points) stood out as the most prepared industry in the study, grabbing top marks in all but two categories. Financial services (53) and technology and media (51) companies followed, demonstrating above-average security preparedness. Energy companies, however, were exposed as the least prepared of the included groups, as they tallied below-average scores in seven categories and scored the lowest in three.

The type of industry examined played a role in the scores, the study found, as it was fitting that the data- and technology-driven telecommunications companies were most prepared for digital security incidents, whereas the primarily physical-infrastructure-based energy companies scored higher in physical security and business continuity areas.

The scores indicate to Ernst & Young that “the inevitability of an incident occurring has become accepted, and the ability of an organization to react adequately has allowed a false, smug confidence to pervade the marketplace.”

“Organizations must be prepared to respondnot reactto a digital security incident,” the report says. The full survey can be found online at www.csoonline.com/printlinks.