Firms to spend more on data security, privacy, says Ernst & Young study

Three of four respondents to a recent survey said data security and privacy concerns will require further investment on their part.

According to the research, over three-quarters of respondents cited privacy and data protection as a significant issue that requires further investment. Those surveyed said that they have and would continue to invest most of their time, money and resources into formalizing procedures for the capturing, storage and sharing of data.

The change in attitude is likely due to the negative publicity showered on companies - and government agencies - that have suffered data breaches.

Ernst & Young's Ninth Annual Global Information Security Survey sought the views of 1,200 information security professionals in both public and private sector organizations in 48 countries.

Richard Brown, head of technology and security risk services at Ernst & Young, said companies are now starting to realize that information security policies are an important business tool.

"Businesses are only just waking up to the dangers of having little or no privacy policy in place for managing sensitive data. The tipping point appears to be growing consumer concern and awareness - identity theft, loss of personal data, phishing attacks and other data infringements are no longer things you just hear about, they have probably happened to someone you know," he said. "This intensifying pressure from the consumer to address privacy has forced companies to re-evaluate their data risk practices and procedures, particularly in the financial services sector."

The report also found that while many organizations are beginning to recognize the importance of privacy and data protection, they still fail to manage third-party risk despite several cases of consumer data stolen from customer service outsourcing companies. For the second year running, about 55 percent of corporations said they have no formal agreements in place with third-party suppliers.

"In the last two years there has been little or no effort by organizations to address the risks associated with sharing data with a third party," said Brown. "A security breach in a third-party partner could be enough to bring an organization down, and many more businesses will get burnt if this does not get better."

The research revealed that compliance remains the top driver impacting information security practices, with 80 percent of respondents saying work undertaken to achieve regulatory compliance has improved the organization's information security.

Furthermore, over half of those surveyed said three popular new technologies - remote computing, removable media and wireless networks - pose the greatest risk to information security.

According to Brown, there are many challenges ahead for businesses and IT professionals.

"Information security is not just about tackling computer crime it is about mitigating the risks to your business, investors, customers and other stakeholders," he said. "There are strong challenges ahead for business and IT leaders in managing information security, as supply chains become increasingly complex, people and technology more mobile and businesses integrate outsourcing and third parties further into their business models."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.