15 Sep 2010
UK companies plan to spend less on securing vital corporate information than their international competitors, despite growing C-level recognition of the importance of information security.
According to a new survey by PricewaterhouseCoopers (PwC), less than a third of UK-based firms plan to increase IT security spending next year (31 per cent), compared with an international average of 52 per cent.
Despite the stringent spending restrictions, the importance of a strategic approach to information security was increasingly understood at the most senior levels, thanks to high-profile incidents such as the one that led to Zurich Insurance being fined £2.3m by the Financial Services Authority, said William Beer, director of PwC’s OneSecurity practice.
“The UK spending plans simply reflect the overall pessimism about the economy,” he said.
The belt-tightening under way in the UK is forcing companies to re-evaluate how all aspects of their security strategy – people, process and technology – are aligned with the business strategy, said Beer.
“Firms are also evaluating whether the chief information security officer should report in to the CIO, the CFO or whether information security was so critical that they should report directly to the board,” Beer added.
PwC surveyed more than 13,000 C-level executives from across the globe.
It may be surprising to see that so many businesses are not planning to increase their spending on IT security, despite staff spending more and more time online, particularly on social networking sites.
While there is the real risk that people steal confidential information from inside the organisation, it could just as easily be a result of an accidental or inadvertent action. For example, if a member of staff has inappropriate access rights and ends up sharing the sensitive information they have access to, the effects can be incredibly damaging. Your company is facing brand damage, a loss of competitive advantage, legal liability or compliance breaches. Any or all of these can end up affecting the bottom line and cost the company to put right.
Earlier this year we worked with Quocirca and performed our own research which we entitled "You sent what?" The findings were really very interesting.
We discovered that only 28% of organisations in 14 European countries have deployed Data Loss Prevention (DLP) technology. Without taking the necessary steps to identify what sensitive data exists within their organisation and adequately protect it from loss or misuse, organisations are jeopardising compliance, brand reputation, and their competitiveness.
The majority of organisations are expecting data privacy to be a major driver for regulatory change in the next years. They blamed a lack of time, resources and a multitude of manual processes, for failing to address many of the compliance issues they face today.
Interestingly, almost 90% of organisations that have deployed Data Loss Prevention technologies stated they are well prepared to protect intellectual property and personal data. For those without DLP the figure is 26%...quite a difference I am sure you will agree.
Posted by: Simon Godfrey, Director, Information Security, Risk and Compliance - CA Technologies 20 Sep 2010
Whilst these cuts are clearly a reflection of the economy and the need to be more stringent, organisations need to also be aware of the risks to their business.
There should be clear policies in place, particularly with regards to the prevention of data loss.
Organisations need to learn from each other's mistakes, such as the likes of Zurich, Yorkshire Building Society, the NHS and Greater Manchester Police in recent news.
I have just written a blog on this, if you'd like to take a look... http://www.msc247.com/latest-news/2010/09/data-loss-why-are-organisations-not-learning-from-each-other%E2%80%99s-mistakes/
Posted by: Juliette_msc 16 Sep 2010