A growing number of organizations believe that an information security incident would have a greater impact on reputation and brand than on revenue, with 85 percent of respondents to a new Ernst & Young survey citing damage to reputation and brand as significant, compared with 72 percent for loss of revenue. Regulatory sanction is cited by only 68 percent, the report stated. The survey canvassed nearly 1,400 senior executives in more than 50 countries.
"A good brand and reputation can take years to build but can be severely damaged or even destroyed by a single security incident," Ernst & Young Technology & Security Risk Service chief Paul van Kessel said in a release. For the past few years, most improvements in information security stemmed from regulatory compliance, he said, but now the desire to protect brand is motivating many firms to "do more than just tick regulatory and corporate compliance boxes."
Despite tightening economies, the report indicates that organizations are increasing investments in information security and more are adopting international security standards. About 67 percent of respondents interviewed say they have now implemented controls to protect personal information. Half of respondents are set to increase their budgets for security and only 5 percent plan to decrease money flowing to those accounts, officials said.
Ernst & Young IT Enablement Center's Jose Granado said deciding where the money is spent will be crucial. "It is not enough to simply fund further technical solutions, such as encryption," he said. It is the people who are often the "weakest link" that need the attention, with 50 percent of respondents citing awareness within their organization as the biggest challenge to information security.
Meanwhile, the study showed that use of third parties and outsourcers is on the rise and organizations are taking related steps to safeguard information. But Ernst & Young says there is room for improvement. Only 45 percent of those polled include specific IT security requirements in all of their contracts with third parties and almost one-third do not review how contractors are protecting their information. The full report is available here.
New Media
Online Politics
Tech Policy
Comments
To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Tech Daily Dose does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.