Businesses are only just waking up to the need to invest in data protection and privacy, according to a survey by Ernst & Young of 1,200 organisations worldwide.
The research shows that organisations are proactively identifying privacy and data protection as significant issues for the first time in the survey’s nine-year history.
This is despite a growing number of high-profile cases which have led to companies damaging their reputation by mismanaging personal data, said Richard Brown, head of security risk services at Ernst & Young.
The survey found that compliance is the main driving force for companies implementing information security.
This has led to greater integration, with 43% of organisations saying their information security function is now part of their organisation's risk management function, up from 40% in 2005.
But while many organisations are beginning to understand the scale of investment they need to make in their own organisations, they are still failing to manage third-party risk. Around 55% of companies had no formal agreements in place with third-party suppliers, for the second year running, putting them potentially at risk.
Gaps also remain in business continuity planning, the survey shows. Although most firms have plans in place, only half have tested them, less than half have communication strategies in place, and one third have not agreed recovery times with the business.
“There are some strong challenges ahead for business and IT leaders in managing information security as supply chains become increasingly complex, people and technology more mobile, and businesses integrate outsourcing and third parties further into their models,” said Brown.