Lapses in information security among UK businesses are still
poorly recorded and understood, reflecting a lack of understanding
of the threat level that organisations face, according to the
PricewaterhouseCoopers annual
Global State of Information Security Survey 2008.
The survey polled 7,000 IT executives from 119 countries (more
than 300 from the UK) across all industries on the challenges of
protecting corporate information assets.
Although organisations continue to invest heavily in security
tools such as software for intrusion detection, encryption and
identity management, they are still struggling with their security
processes, the study shows.
Most UK companies in the sample did not know where their data
was located, 37% were not sure how many incidents they had
suffered, and more than half could not say what type of security
incident had occurred or what had caused them.
Some 30% of companies had neither measured nor reviewed the
effectiveness of their information security policies over the past
year.
Confidence about the effectiveness of their organisation's
information security activities was also low among the UK
executives polled. Less than one in three said they were very
confident that their information security was effective. And less
than one in four felt very confident about the effectiveness of
their suppliers' or business partners' security.
The latter is perhaps not a surprising finding given the recent
problems that some organisations have encountered over security
lapses when third parties have handled their data, said PwP.
William Beer, director in the information security group of PwP,
said, "There appears to be an overall misalignment with executive
management's view of security, causing many organisations to fail
to capture the full value from their spending in this area.
"Information has become the new currency of business. Its
availability, integrity and confidentiality are crucial components
of a collaborative business."
More on data security:
Firms should not see data security as a one size fits all
requirement, says Verizon >>