Canadian companies unprepared to address new technology risks: Ernst & Young
(Toronto – 23 November 2010) Fewer than a third of global businesses, including Canada’s, have an IT risk management program in place capable of addressing the risks related to the use of new technologies, says Ernst & Young.
Borderless security, the firm’s annual global information security survey, reveals that in spite of the rapid emergence of new technology, only one in 10 companies consider examining new and emerging IT trends as a very important activity for the information security function to perform.
A significant increase in the use of external service providers and business adoption of new technologies, including cloud computing, social networking and Web 2.0, is recognized to increase risk as much as 60% for respondents. Yet, in spite of this fact, less than half (46%) intend to increase their annual investment in information security.
“Technology advances have provided Canadian companies with seemingly endless ways to connect and interact with colleagues, customers and clients across the globe,” says Tony Ritlop, Canadian Leader of Ernst & Young’s IT Risk and Assurance practice. “While these developments represent a massive opportunity for IT to deliver significant benefits to the organization, new technology also brings significant risk.”
For example, more than half of respondents state that increased workforce mobility poses a considerable challenge to the effective delivery of information security initiatives, due to widespread use of mobile computing devices, allowing individuals to access and distribute business information from anywhere at any time. For almost two-thirds (64%) of respondents, employees’ level of security awareness is recognized as a considerable challenge.
For the first time, continuous availability of critical IT resources was identified by respondents as one of the top five risks. Increased mobility and lack of control over end-user devices can cause problems when trying to implement effective and efficient business continuity and disaster recovery capabilities — identified by 50% of respondents as an area of increased expenditure.
Cloud computing services are gaining greater adoption: 23% of respondents are currently using cloud computing services and a further 15% are planning to use them within the next 12 months. When asked if an external certification of cloud service providers would increase trust, 85% of respondents said yes, with 43% stating that the certification should be based upon an agreed standard and 22% requiring accreditation for the certifying body.
“It’s vital that companies not only recognize these developing risks, but take action to avoid them,” says Mr. Ritlop.
According to Mr. Ritlop, in addition to implementing new technology solutions and re-engineering information flows, companies must focus on informing the workforce about risks. The delivery of effective, and regular, security awareness training is a critical success factor as companies attempt to keep pace with the changing environment.
Half of respondents plan to spend more over the next year on data leakage and data loss prevention — a seven percentage point increase from last year. To address potential new risks, 39% are making policy adjustments, 29% are implementing encryption techniques and 28% are implementing stronger identity and access management controls.
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.