News

Compliance is security's ticket to the boardroom

The welter of compliance regulations, such as Sarbanes-Oxley and the EU's 8th Directive, have toppled worms and viruses as the prime driver for information security, according to accounting firm Ernst & Young's eighth annual security report.

Two-thirds of the 1,300 global companies interviewed put it top of their list of information security concerns, despite it being a bumper year for virus and worm activity.

But companies that view compliance as a distraction are missing an opportunity to embed security into their business. "Compliance is proving to be more of a distraction than a catalyst for information security becoming strategically aligned within organisations," says Edwin Bennett, global director of Ernst & Young's Technology and Security Risk Services.

"One might assume that with the attention information security is receiving due to regulatory compliance, organisations' information security postures are improving and information security as a function is becoming more integral to their strategic initiatives. Unfortunately, this is not happening on a consistent basis."

The study reveals a mismatch between business objectives and security. A commanding 81% of the respondents perceive compliance with corporate policies and procedures as more important than business objectives such as mergers and acquisitions, product launches and delivery.

Only 41% of the companies say they are using compliance as an opportunity to make changes to their security architecture.

Ernst & Young predicts that compliance will remain in its pole position for the next 12 months.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy