Media Release - 25 November 2010
Senior Communications Manager
Ernst & Young
+64 274 899 700
Borderless workplaces, mobility and 24x7 systems access top IT risks to business: Businesses unprepared
25 Novmeber 2010
- Mobile workforce increases focus on data leakage prevention
- Companies who examine and address the risks with their people better armed and better placed to take advantage of new technologies
- Certification of cloud service providers perceived as a must
- Examining new and emerging IT trends reported to be least important information security function
Companies remain unprepared for the risks associated with the adoption of new technologies with less than a third of global businesses with an IT risk management program in place capable of protecting vital company data.
Ernst & Young’s 13th annual Global Information Security Survey, which surveyed 1,600 people across New Zealand and 55 other countries, found just one in ten companies considered examining the risks associated with new and emerging IT trends a key function of information security.
“Results for NZ participants were largely consistent with global findings with some statistics reflecting the country’s reputation as an ‘early adoptor’ of technology,” said Paul Mahan. Ernst & Young’s IT partner. “Another differentiator for NZ was that participants gave a significantly higher priority to data leakage/data loss prevention technologies and processes, protecting personal information, securing new technologies and security testing than the global survey participants. NZ also plans to spend more on information security in the coming year at 55% against 46% of respondents globally.”
“While many organisations are now recognising IT risk and increasing their investment in data leakage prevention technologies, encryption and identity and access management services, it is the Boards, CEOs and their executive teams who must understand and assess the magnitude of the risk and potential business impacts,” Mr Mahan said.
Other key findings of the report included:
- With the adoption of social networking, cloud computing and personal devices, 97% of those surveyed believe there is a risk associated with these new technologies with 60% stating that the risk has increased in the past 12 months.
- Almost half of those surveyed (46%) said their annual investment in information security is increasing. NZ participants plan to spend higher than global participants at 55%.
- Fifty-three per cent of respondents said that increased workforce mobility is a significant or considerable challenge for ensuring information security.
- Sixty-four per cent of respondents said that the disclosure of sensitive data was one of their top five areas of IT risk, second only to the continuous availability of critical IT resources.
Globally, companies and their employees embracing new technologies – such as cloud computing, social networking, smart phones and tablet PCs – to boost efficiencies and leverage key trends remained conscious of the problems associated with compliance with regulatory requirements, business obligations and industry standards.
Mr Mahan said the significant increase in the use of external technology providers, adoption of new technology and an increasingly mobile workforce has soared over the past 12 months. This has meant the level of risk across all sectors has also increased in a short period of time, without the corresponding investment in security.
“There is no doubt that our work environment has become increasingly borderless,” Mr Mahan said. “And the majority of companies surveyed said this has increased their IT security risk and they are spending more on protecting their most critical information assets. However, managing borderless security is as much about managing people and improving knowledge as it is about securing systems, platforms and hardware.
“Companies who focus on raising awareness of the risks with their people, providing regular training and implementing meaningful policies, governance and management models will be better armed and better placed to take advantage of the benefits of these new technologies.”
The survey confirmed the popularity of mobile devices now means that no one is 'out of the office' which presented a considerable challenge to 54% of CIOs surveyed. Managing information security for an increasingly mobile workforce and the potential loss or leakage of sensitive information is the top concern of 64% of our respondents.
“Businesses must understand and accept the risk created by new technologies, including the technologies personally adopted by their employees for business purposes. Their information security policies must address acceptable use, define specific restrictions yet ensure they continue to evolve as technology adoption evolves to take advantage of the efficiencies they bring,” Mr Mahan said.
The survey also found that 45% of respondents are currently using, evaluating or are planning to use cloud computing services in the next 12 months.
“There is increasing hype around companies flocking to cloud computing in the wake of the economic downturn as a means to lower their capital expenditure, reduce internal resources and lower operating costs,” Mr Mahan said.
“But generally speaking, cloud computing has an unproven track record,” said Mahan.
“Outsourcing companies and cloud computing providers must focus on how they are ‘securing the cloud’. This is done by addressing the inherent security risks of data leakage, invisibility of company data and unauthorised access to data through strong contract management processes and effective audits.”
Notes to editors
Ernst & Young’s 2010 Global Information Security Survey was conducted between June and August 2010. Nearly 1,600 organizations in 56 countries and across all major industries participated.
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.
Ernst & Young refers to the global organisation of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services.
For more information, please visit www.ey.com
This news release has been issued by Ernst & Young New Zealand, a member firm of Ernst & Young Global Limited.