Home Trusted by 600,000+ buyers

Global Information Security Survey 2008 looks at compliance

19 November, 2008

The findings show that organisations are moving beyond regulatory and corporate compliance to protect their brand and reputation.

Ernst & Young's 2008 Global Information Security Survey (GISS), now in its 11th year, looks at the current state of information security and offers recommendations for creating an improvement agenda for the future.

The survey, which canvassed nearly 1,400 senior executives in more than 50 countries, shows that most believe that a security incident would have a greater impact on reputation and brand than on revenues, with 85% of respondents citing damage to reputation and brand as significant, compared with 72% for loss of revenues. Regulatory sanction is cited by only 68%.

Paul van Kessel, Global Leader of Ernst & Young’s technology and security risk services, comments: “A good brand and reputation can take years to build but can be severely damaged or even destroyed by a single security incident. The media coverage surrounding security breaches underscores just how devastating these failures can be to a firm’s reputation.

"For the past few years, most improvements in information security stemmed from regulatory compliance. Now, the desire to protect brand and reputation is motivating many organisations to do more than just tick regulatory and corporate compliance boxes.”

Despite tightening economies, the survey indicates that organisations are increasing investments in information security and more organisations are adopting international security standards. More than two thirds (67%) of respondents interviewed say they have now implemented controls to protect personal information.

Van Kessel continues: “Overall, the results of this year’s survey are encouraging; however, there are some key areas — such as insider threats, privacy and third-party relationships — that need more focus and investment.”

Have your say...

We welcome thoughtful comments from readers
Reload characters
Type the characters you see in this box. This helps us prevent automated programs from sending spam.