Skip to main navigation

2011 Global Information Security Survey - Looking into the future - EY - Global

2011 Global Information Security Survey

Looking into the future

  • Share
Organizations would be better served by not always acquiring the latest tools, but instead focusing on the fundamentals.

The results from this year’s survey indicate that the risk landscape is changing at an accelerated pace.

Surprisingly, only 53% of respondents have a documented security strategy, and only 47% indicated that their current strategy adequately addresses the risks.

Additionally, 56% of participants indicated they need to modify their strategy or need to investigate further to understand the new risks.

Point solutions have ceased to work

This year’s results show that 31% of respondents indicated that their organization has recently purchased information security solutions that are perceived as having failed or under-delivered. Organizations would be better served by not always acquiring the latest tools, but instead focusing on the fundamentals.

The emergence of IT risk management as a structured approach

To effectively manage IT risks, organizations need to gain a broad and comprehensive view of the entire IT risk landscape.

This holistic perspective will provide companies with a starting point to help identify and manage current IT risks and challenges, as well as those that may evolve over time. When we look at our survey results, 84% of respondents indicated that they have an IT risk management program in place or are considering it within the next 12 months.


Our perspective
  • Revisit your information security strategy to conform to the current risk landscape.
  • Instead of acquiring the latest tools, focus on the fundamentals.
  • Implement a structured, pragmatic approach to managing IT risk to make sure it focuses on the risks that matter. We see an IT risk management or governance risk and compliance (GRC) approach as a key future investment for many organizations.
  • Address the entire IT risk universe in your IT risk or GRC program, which is broader than just information security.

« Previous

Contents

Related content

Read related thought leadership on our website.


Download

Save Into the cloud, out of the fog:
EY's 2011 Global Information Security Survey
as a printable document (10.2 MB PDF).


Contacts

IT Risk and Assurance Services leaders:

Back to top