Information security strategies fail to meet corporate needs


Information security strategies fail to meet corporate needs

Antony Savvas

Information security remains isolated from executive management and business strategy, a survey from consultant Ernst & Young has found.

The Ernst & Young Global Information Security Survey, among executives at around 1,300 firms worldwide, says companies are still failing to implement an holistic approach towards information security, as the security function remains too isolated from executive management and the strategic decision-making process.

The survey reveals that a third of information security personnel never meet with company board or audit committee members, and over a quarter of information security personnel do not report to business leaders on information security compliance or incidents.

Monthly meetings are three times more likely to take place between information security and IT than with corporate officers, said Ernst & Young.

Richard Brown, head of technology security and risk services at Ernst & Young, said, "Recent incidents in the UK have done much to highlight the lack of protection of information assets held by organisations.

"Information security has never been so high up on the corporate and private individual's agenda, which means it has to move forward on the business, and not just the IT agenda."

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy