Information security strategies fail to meet corporate needs


Information security strategies fail to meet corporate needs

Antony Savvas

Information security remains isolated from executive management and business strategy, a survey from consultant Ernst & Young has found.

The Ernst & Young Global Information Security Survey, among executives at around 1,300 firms worldwide, says companies are still failing to implement an holistic approach towards information security, as the security function remains too isolated from executive management and the strategic decision-making process.

The survey reveals that a third of information security personnel never meet with company board or audit committee members, and over a quarter of information security personnel do not report to business leaders on information security compliance or incidents.

Monthly meetings are three times more likely to take place between information security and IT than with corporate officers, said Ernst & Young.

Richard Brown, head of technology security and risk services at Ernst & Young, said, "Recent incidents in the UK have done much to highlight the lack of protection of information assets held by organisations.

"Information security has never been so high up on the corporate and private individual's agenda, which means it has to move forward on the business, and not just the IT agenda."

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy