Issue of February 2007


Ernst & Young's 9th Annual Global Information Security Survey

Information security is increasingly recognised as a driver of business improvement, according to Ernst & Young’s 9th Annual Global Information Security Survey, but companies need to do more to improve their information security posture in a globalised business environment. Among the five key priorities for information security, the one making the most dramatic leap up the boardroom risk agenda is privacy and personal data protection, which is also the most consumer-driven and a direct consequence of the outsourcing revolution.

The survey sought the views of nearly 1,200 senior information security professionals in 48 countries, with 144 respondents from India, representing both multinational and local organisations.

Says Sunil Chandiramani, National Director, Risk & Business Solutions, Ernst & Young India, “With the rapid globalisation of Indian business, we are seeing increasing integration of information security into both the overall risk management framework and the culture of the organisation. Though about a third of the companies are still not routinely reporting on information security to their boards, we expect increasing visibility on these issues from top management.”

Compliance still remains the top driver

While privacy and personal data protection has become a major information security issue, compliance with regulations, for the second year running, is still the top driver that has most impacted, and will probably continue to impact, information security practices over the next 12 months. There is emphatic agreement - by almost 80 percent of survey participants - that efforts and activities undertaken to achieve regulatory compliance have actually improved companies’ information security. It will now be important for companies to be proactive in carrying out security rationalisation and optimisation, to sustain and embed their information security compliance controls and processes into their normal operations.

Among new technologies, removable media such as USB drives, web applications and wireless networks were rated as the top three security concerns, in that order.

Business Process Improvements:
  • Compliance, privacy and meeting business objectives are the key drivers for Indian information security practices.
  • Removable media, web applications and wireless networks are rated as the top three security concerns by Indian respondents.
  • 37 percent of Indian respondents either do not address or only have informal procedures for vendor risk management and outsourcing issues.

Third Party Risk

Even as the growth in third party outsourcing continues to accelerate, as many as 37 percent of Indian respondents either do not address vendor risk management issues or have only informal procedures for them. While 44 percent of respondents said they have formal procedures, 11 percent have had these validated by an independent agency. At a global level, 36 percent of respondents had formal procedures and 6 percent had had these validated.

16 percent of organisations require their vendors to have an independent review of their information and privacy practices against leading practices.

Nearly 60 percent of Indian respondents reported formal procedures to address privacy and data protection issues, with 10 percent having been validated, compared to 52 percent and 6 percent respectively at the global level. The pressure to control and protect an individual’s personal information will only increase in the foreseeable future, making proactive involvement of information security in this area a priority, adds the survey.

Proactive Information Security

More than 30 percent of information security executives in India say they have adopted or plan to adopt (or become certified under) an information security standard. In addition, most survey participants subscribe to structured evaluation of their information security posture. Internal audit was reported as the leading evaluation method by nearly three-quarters of survey respondents, followed by formal external audit at 56 percent.

Further, business continuity plans are getting more streamlined. Over 80 percent of companies surveyed in India had identified and prioritised critical processes for these plans. However, with 36 percent of the respondents not having tested or invoked these plans, there is a need for a proactive, continued, integrated effort and commitment to information security from management, information technology and other stakeholders such as critical third parties and business partners.

Five Major Priorities for Information Security

Based on its latest survey and the results from previous years, Ernst & Young has identified five major priorities for information security globally, where progress has been made but where there is an ongoing need for continuous improvement.

These include integrating information security with the organisation, embedding information security into the mainstream of the business with increased visibility and resources, using externally imposed compliance deadlines and security incidents as a catalyst for proactive investments in stronger capabilities and defenses.

Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.