Posted: 27/11/2012
Businesses are seriously over-estimating the strength of their information security measures, leaving themselves open to being defrauded, and reducing their attractiveness to potential clients in emerging markets.
These are key findings in the 2013 PwC, CIO magazine and CSO magazine's ‘Global State of Information Security Survey'®, and Nick Vermeulen (pictured), head of Advisory services at PwC Channel Islands, believes these issues are of vital importance to local businesses looking to expand eastwards.
The 10th annual survey of more than 9,300 top-ranking Executives from 128 countries found that 68 percent of respondents report confidence in the effectiveness of their organisation's information security activities. In addition, nearly half (42 percent) view their organization as a “front-runner” in information security strategy and execution.
However, the survey finds that only 8 percent actually qualify as true information security leaders.
PwC defines “leaders” as companies that have a chief information security officer (or CISO equivalent) in place, have an overall information security strategy, have measured and reviewed the effectiveness of their security in the last year, and understand exactly what types of security events have occurred.
Also worryingly, in today's world of "big data," the survey finds that most organizations are keeping looser tabs on their data today than in years past. Fewer than 35 percent of respondents said they have an accurate inventory of employee and customer personal data, and only 31 percent reported they had an accurate accounting of locations and jurisdictions of stored data.
Fewer than half of the respondents (45 percent) expect an increase in their information security budgets in the next 12 months, despite an increase in the number reporting 50 or more security incidents (13 percent). While multiple factors shape security budgets, the primary determinant is the economic environment and information security concerns are far down the list.
Nick Vermeulen highlights the fact that among all regions, Asia has the fewest respondents who expect a decrease in security budgets this year. For Asia, years of investment is now paying off as it leads the world in security practices and performance. As for keeping up with new challenges, Asia rates highly for mobile security initiatives and cloud security strategy.
Mr Vermeulen suggests this trend is highly relevant for our finance industries locally, which are affected by the global shift of capital flow to the east. He commented:
“We need to factor in the expectations these markets will have around how we do business with them. If we are to succeed in building strong relationships with them, we need information security that meets or exceeds their own standards and there will also quite likely be a high benchmark set for us to reach, on every aspect of how we use digital technology to do communicate and do business.”
He goes on to stress the urgent need for both islands to have strategies in place for developing a digital economy: “We must ensure businesses operating from our islands have all the support they need both to get the basics right and transform their businesses to a digital model and prosper,” added Mr Vermeulen.