Senior management is starting to get it. The light is coming on because they are understanding the business use of IT, and the information security that comes with it, is becoming a much bigger factor, a new study said.
Thirty-one per cent of respondents said the number of security incidents within their organization increased by at least 5 percent over the past 12 months, according to Ernst & Young’s (EY) 16th annual 2013 global information security survey.
Organizations have now realized the extent and depth of the threat posed to them, resulting in information security being “owned” at the highest level within 70 percent of the organizations surveyed.
The global survey tracks the level of awareness and action by companies in response to cyber threats, and canvasses the opinions of more than 1,900 senior executives.
This year’s results show, as companies continue to invest heavily to protect themselves against cyber attacks, the number of security breaches is on the rise and it is no longer a question of if, but when, a company will be the target of an attack.
The survey also shows with information security functions not fully meeting the needs in 83 percent of organizations, 93 percent of companies globally are maintaining or increasing their investment in cyber security to combat the threat from cyber attacks.
This year’s survey shows that organizations are moving in the right direction, but more still needs to occur now, said Paul van Kessel, EY global risk leader.
“There are promising signs that the issue is now gaining traction at the highest levels. In 2012, none of the information security professionals surveyed reported to senior executives. In 2013, this jumped to 35 percent,” he said.
“Cyber-crime is the greatest threat for organizations’ survival today,” said Ken Allan, EY global information security leader. “While budget allocations towards security innovation are inching their way up, enabling organizations to channel more resources toward innovating solutions that can protect them against the great unknown — the future — many information security professionals continue to feel that their budgets are insufficient to address mounting cyber risks.”
With all the news on cyber attacks, information leakages, new regulations and emerging technologies, organizations need to start doing more by rethinking how they are dealing with the challenges, said Gerry Chng, EY’s Asean information security leader.
The survey found that, despite half of the respondents planning to increase their budget by 5 percent or more over the next 12 months, 65 percent cite an insufficient budget as their No 1 challenge to operating at the levels the business expects; and, among organizations with revenues of US$10 million or less, this figure rises to 71 percent.
Of the budgets planned for the next 12 months, 14 percent ended up earmarked for security innovation and emerging technologies.