Global Information Security Survey 2008 looks at compliance
The findings show that organisations are moving beyond regulatory and corporate compliance to protect their brand and reputation.
The survey, which canvassed nearly 1,400 senior executives in more than 50 countries, shows that most believe that a security incident would have a greater impact on reputation and brand than on revenues, with 85% of respondents citing damage to reputation and brand as significant, compared with 72% for loss of revenues. Regulatory sanction is cited by only 68%.
Paul van Kessel, Global Leader of Ernst & Young’s technology and security risk services, comments: “A good brand and reputation can take years to build but can be severely damaged or even destroyed by a single security incident. The media coverage surrounding security breaches underscores just how devastating these failures can be to a firm’s reputation.
"For the past few years, most improvements in information security stemmed from regulatory compliance. Now, the desire to protect brand and reputation is motivating many organisations to do more than just tick regulatory and corporate compliance boxes.”
Despite tightening economies, the survey indicates that organisations are increasing investments in information security and more organisations are adopting international security standards. More than two thirds (67%) of respondents interviewed say they have now implemented controls to protect personal information.
Van Kessel continues: “Overall, the results of this year’s survey are encouraging; however, there are some key areas — such as insider threats, privacy and third-party relationships — that need more focus and investment.”
Have your say...
The approval of your comment is at the discretion of this article's publisher. Write your comment with the following in mind to ensure the highest likelihood of it being approved:
- No promotional undertones
- No use of profanity
- Good spelling, grammar and layout
- Check punctuation, language and missing words
- No use of aggression
- No unsubstantiated claims
We reserve the right to remove comments at our discretion.
Your name is used alongside Comments.