Please note…

You are now on the ey.com Belgium site. To return to the ey.com United States site or other country site, click on the Belgium (English) link on the upper right of this page, and select your preferred country site.

x
Skip to main navigation

Brand protection a major force driving Information Security - Ernst & Young - Belgium

Brand protection a major force driving Information Security


The Ernst & Young 2008 Global Information Security Survey shows that a growing number of organizations recognize the link between information security and a strong brand and reputation.

The survey, which canvassed nearly 1,400 senior executives in more than 50 countries, shows that most believe that a security incident would have a greater impact on reputation and brand than on revenues, with 85% of respondents citing damage to reputation and brand as significant, compared with 72% for loss of revenues. Regulatory sanction is cited by only 68%.

Gilbert Van Fraeyenhoven, partner of Ernst & Young’s Technology and Security Risk Services, comments: “A good brand and reputation can take years to build but can be severely damaged or even destroyed by a single security incident. The media coverage surrounding security breaches underscores just how devastating these failures can be to a firm’s reputation. For the past few years, most improvements in information security stemmed from regulatory compliance. Now, the desire to protect brand and reputation is motivating many organizations to do more than just tick regulatory and corporate compliance boxes.”

Despite tightening economies, the survey indicates that organizations are increasing investments in information security and more organizations are adopting international security standards. More than two thirds (67%) of respondents interviewed say they have now implemented controls to protect personal information.

Gilbert Van Fraeyenhoven continues: “Overall, the results of this year’s survey are encouraging; however, there are some key areas—such as insider threats, privacy and third-party relationships—that need more focus and investment.”

Spending set to increase
Despite an economic downturn faced by some of the world’s largest economies, 50% of respondents are set to increase their budgets for security; in fact, only 5% plan to decrease their current budgets.

“We believe that organizations recognize that security cutbacks would have an adverse effect on stakeholder perceptions. Most also believe that security threats and attacks increase during an economic downturn.

“However, where the money is spent will be critical. It is not enough to simply fund further technical solutions, such as encryption. It is the people who are often the "weakest link", with 50% of respondents citing awareness within their organization as the most significant challenge to information security. Businesses must work with information security to develop training and awareness programs and to adopt more sophisticated testing techniques.”

Third Parties in the Spotlight
The use of third parties and outsourcers is on the increase, and organizations are taking some important steps to safeguard information, but there is room for improvement. Only 45% include specific information security requirements in all of their contracts with third parties. Almost one third do not review or assess how contractors are protecting their information.

Gilbert Van Fraeyenhoven concludes: “There are an increasing number of reported incidents of data loss involving third parties and outsourcers that tells us that information security must be “portable.” Wherever data is in your supply chain it must be protected, and monitoring must encompass all those with whom you work.”
Ernst & Young press releases
Back to top