Ernst & Young: IT Security Tied To Corporate Image

October 28, 2008

A growing number of organizations believe that an information security incident would have a greater impact on reputation and brand than on revenue, with 85 percent of respondents to a new Ernst & Young survey citing damage to reputation and brand as significant, compared with 72 percent for loss of revenue. Regulatory sanction is cited by only 68 percent, the report stated. The survey canvassed nearly 1,400 senior executives in more than 50 countries.

"A good brand and reputation can take years to build but can be severely damaged or even destroyed by a single security incident," Ernst & Young Technology & Security Risk Service chief Paul van Kessel said in a release. For the past few years, most improvements in information security stemmed from regulatory compliance, he said, but now the desire to protect brand is motivating many firms to "do more than just tick regulatory and corporate compliance boxes."

Despite tightening economies, the report indicates that organizations are increasing investments in information security and more are adopting international security standards. About 67 percent of respondents interviewed say they have now implemented controls to protect personal information. Half of respondents are set to increase their budgets for security and only 5 percent plan to decrease money flowing to those accounts, officials said.

Ernst & Young IT Enablement Center's Jose Granado said deciding where the money is spent will be crucial. "It is not enough to simply fund further technical solutions, such as encryption," he said. It is the people who are often the "weakest link" that need the attention, with 50 percent of respondents citing awareness within their organization as the biggest challenge to information security.

Meanwhile, the study showed that use of third parties and outsourcers is on the rise and organizations are taking related steps to safeguard information. But Ernst & Young says there is room for improvement. Only 45 percent of those polled include specific IT security requirements in all of their contracts with third parties and almost one-third do not review how contractors are protecting their information. The full report is available here.

Juliana Gruenwald

Tech Writer

E-Mail: jgruenwald@nationaljournal.com.

Juliana Gruenwald has been covering tech and telecom issues for more than a decade for National Journal, Interactive Week, BNA and Congressional Quarterly. This is her second stint with National Journal. She was recruited by NJ in 1998 to help launch its first tech policy publication, Technology Daily. She left in 2000 to cover international tech and telecom issues for Ziff Davis Media's Interactive Week magazine. She started her career at United Press International as the wire service's first Helen Thomas Intern. She has a Bachelor of Arts degree from the University of Minnesota. A Minneapolis native, she misses the lakes but not the cold.

Josh Smith

Tech Reporter

E-Mail: joshsmith@nationaljournal.com.

Josh Smith covers technology policy as a staff reporter for National Journal. He previously interned at National Journal Daily, a Senate press office, and the Deseret News in Salt Lake City where he covered the state legislature, courts, and crime. In 2009 he graduated with honors from Southern Utah University after managing an award-winning student newspaper as editor-in-chief. Josh has received state, regional and national awards for his political and policy reporting, including first place in CapitolBeat’s 2009 Best of Statehouse Reporting college competition. A native of drop-dead-gorgeous Utah, Josh lives in Virginia with his wife, Amber.

HOME

WHITE HOUSE

POLITICS

CONGRESS

DOMESTIC POLICY

NATIONAL SECURITY

TECH

COLUMNS

BLOGS

POLLS

EVENTS