A survey on compliance and security by management
consultancy Ernst & Young has demonstrated the lock that
compliance has on the boardroom’s mindset.
Despite this, organisations are missing the opportunity that
this reliance on compliance offers to promote information security
as an integral part of the business, according to Ernst &
Young's annual Global Information Security Survey.
Nearly two-thirds of survey respondents - representing 1,300
global companies, government and non-profit agencies in 55 nations
- said compliance with regulations such as Sarbanes-Oxley or the
Companies Act had become the main corporate driver of information
security.
Yet, according to Ernst & Young, compliance has proved to be
more of a distraction than a catalyst when it comes to aligning
information security strategically within organisations.
The gap continues to widen between the growing risks brought on by
rapid changes in the global business environment and what
information security is doing to address those risks.
In general, although awareness of information security as a
critical issue has risen among boards and executive management, they
continue to focus information security activities on operational
and tactical issues rather than addressing strategic concerns.
The survey also found that rapidly developing technologies such
as voice-over IP telephony, open source software, and server
virtualisation, which offer a future competitive advantage, are
considered to be a security concern by only 20% of
organisations.