Skip to main navigation

2011 Global Information Security Survey - Preparing for the worst - EY - Global

2011 Global Information Security Survey

Preparing for the worst

  • Share
For the second consecutive year, respondents have indicated that business continuity is their top funding priority.

Unexpected and catastrophic occurrences, including natural disasters and terrorist attacks, can cause tragic losses on both personal and business levels.

As organizations grow in size and complexity within the borderless world, the impact of non-availability of key resources has magnified.

Big disasters, as well as smaller disruptions, have prompted leading executives to prepare for the worst by investing in effective business continuity management (BCM), with information security measures playing a key role.

Business continuity preparedness

Our survey results reflect this trend: most respondents are making business continuity and disaster recovery a top funding priority for the coming year, with 36% of respondents identifying it as their top funding priority, three times as many as those who indicated that the second-ranked area.

Which of the following information security areas will receive the most funding over the coming 12 months?

Some organizations are still not prepared:

  • 18% indicated they have no BCM program in place
  • Only 56% indicated that management had approved BCM activities

Despite business continuity being the top funding priority, many respondents report only partial BCM, with 45% of organizations having no procedures to respond to crisis events, no procedures to protect staff or no plans that cover all critical business processes.

45% indicated that they lack procedures to help ensure they will continue working through a disaster.

Many organizations still have a long way to go before they can be confident that they have actually planned for a worst-case scenario.

Our perspective
  • Prepare for and secure business continuity plans that anticipate high-impact, low-frequency events, and determine which are integrated into a broader risk management framework that focuses on protecting the organization from catastrophic loss.
  • Assess if the business continuity plan has the right level of maturity in light of the emerging trends and new technologies.
  • Test the organization’s business continuity plan frequently to validate your business resiliency in practice.
  • Solicit the support of the board and the audit committee for their business continuity programs.

« Previous | Next »


Related content

Read related thought leadership on our website.


Save Into the cloud, out of the fog:
EY's 2011 Global Information Security Survey
as a printable document (10.2 MB PDF).


IT Risk and Assurance Services leaders:

Back to top