Information security remains isolated from executive management and business strategy, a survey from consultant Ernst & Young has found.
The Ernst & Young Global Information Security Survey, conducted among executives at around 1,300 firms worldwide, says companies are still failing to implement a holistic approach towards information security, as the security function remains too isolated from executive management and the strategic decision-making process.
The survey reveals that a third of information security personnel never meet with company board or audit committee members, and over a quarter of information security personnel do not report to business leaders on information security compliance or incidents.
Monthly meetings are three times more likely to take place between information security and IT than with corporate officers, said Ernst & Young.
Richard Brown, head of technology security and risk services at Ernst & Young, said, "Recent incidents in the UK have done much to highlight the lack of protection of information assets held by organisations.
"Information security has never been so high up on the corporate and private individual's agenda, which means it has to move forward on the business, and not just the IT agenda."