Reprisals from employees made redundant and inadequate
security budgets are top concerns for IT professionals, a survey
has revealed.
Three-quarters of nearly 2,000 senior executives polled in 60
countries said they are concerned about
possible reprisals from former employees.
Some 42% of respondents said they are trying to understand the
risks and 26% are taking steps to mitigate them, the Ernst &
Young 2009 Global Information Security Survey found.
Business IT system and data are becoming a
target of employees who feel resentful after
being made redundant, said
Richard Brown, partner in IT risk advisory at
Ernst & Young.
"It is paramount that companies undertake a specific risk
assessment exercise to identify their potential exposure and put in
place appropriate risk-based responses, he said.
Allocating adequate budget to IT security continues to be a
challenge, with half of respondents ranking this as a
significant challenge, up 17% compared with 2008.
Only 40% of respondents said they plan to increase IT security
spending and more than half (52%) said security spending would
remain the same.
"Information security is not immune to external economic forces
and senior IT professionals will need to improve efficiency and
effectiveness while keeping spending to a minimum," said Richard
Brown.
Regulatory compliance is a top priority and continues to be an
important driver of information security improvements, the survey
revealed.
Some 55% said regulatory compliance costs accounted for moderate
to significant increases in their overall information security
costs.
Only 6% of respondents plan on spending less over the next 12
months on regulatory compliance.
Data protection is at the forefront of many information security
leaders' minds, with
data leakage prevention (DLP) technologies one of the top three
priorities for 40% of respondents.