A survey on compliance and security by management consultancy Ernst & Young has demonstrated the lock that compliance has on the boardroom’s mindset.
Despite this, organisations are missing the opportunity that this reliance on compliance offers to promote information security as an integral part of the business, according to Ernst & Young's annual Global Information Security Survey.
Nearly two-thirds of survey respondents - representing 1,300 global companies, government and non-profit agencies in 55 nations - said compliance with regulations such as Sarbanes-Oxley or the Companies Act had become the main corporate driver of information security.
Yet, according to Ernst & Young, compliance has proved to be more of a distraction than a catalyst when it comes to information security becoming strategically aligned within organisations. The gap continues to widen between the growing risks brought on by rapid changes in the global business environment and what information security is doing to address those risks.
In general, although awareness of information security as a critical issue has risen among boards and executive management, they continue to focus information security activities on operational and tactical issues, rather than addressing strategic concerns.
The survey also found that rapidly developing technologies such as voice-over IP telephony, open source software, and server virtualisation, which offer a future competitive advantage, are considered to be a security concern by only 20% of organisations.