The survey, which canvassed nearly 1,400 senior executives in more than 50 countries, shows that most believe that a security incident would have a greater impact on reputation and brand than on revenues, with 85% of respondents citing damage to reputation and brand as significant, compared with 72% for loss of revenues. Regulatory sanction is cited by only 68%.

Paul van Kessel, Global Leader of Ernst & Young’s technology and security risk services, comments: “A good brand and reputation can take years to build but can be severely damaged or even destroyed by a single security incident. The media coverage surrounding security breaches underscores just how devastating these failures can be to a firm’s reputation.

"For the past few years, most improvements in information security stemmed from regulatory compliance. Now, the desire to protect brand and reputation is motivating many organisations to do more than just tick regulatory and corporate compliance boxes.”

Despite tightening economies, the survey indicates that organisations are increasing investments in information security and more organisations are adopting international security standards. More than two thirds (67%) of respondents interviewed say they have now implemented controls to protect personal information.

Van Kessel continues: “Overall, the results of this year’s survey are encouraging; however, there are some key areas — such as insider threats, privacy and third-party relationships — that need more focus and investment.”