[ISN] Protecting corporate reputation a key aim of IT security

From: InfoSec News (alerts@private)
Date: Thu Sep 28 2006 - 00:27:39 PDT


http://www.ottawabusinessjournal.com/287132340207207.php

By Ottawa Business Journal Staff
Sep 27, 2006

A global survey has found Canadian companies are more concerned with 
protecting their reputations than their global competitors when they 
spend on information security.

According to the 2006 Global State of Information Security survey, 53 
per cent of Canadian companies surveyed said their reputation was 
driving their information security spending. The global average was 41 
per cent.

"Poor information security that loses data such as customer profiles can 
seriously affect a company's brand," says Greg Murray of 
PricewaterhouseCoopers. "The cost of handling the public relations 
issues associated with losing customer identities can be devastating."

The survey includes the responses of almost 7,800 senior executives at 
companies in more than 50 countries. Two hundred and fifty Canadian 
organizations of various sizes participated, representing a wide range 
of sectors.

The study found that 67 per cent of Canadian organizations actively 
engage both business and IT decision-makers in addressing information 
security issues, compared to 52 per cent worldwide.

However, organizations are still relying too much on funding from their 
IT budgets to pay for overall security.

"In some areas, Canadian companies have recognized that all business 
units should contribute to the information security budget," Mr. Murray 
says "Unfortunately, many organizations continue to rely on IT dollars 
to fund security and a better balance is needed. All departments are 
affected by breaches to information security it's much more than just an 
IT issue, it's a business issue."

When it comes to overall spending, 48 per cent of companies said their 
information security budgets will increase in 2006, while 42 per cent 
said it will stay the same. Limited budgets and a limited number of 
staff dedicated to security were identified as the top two barriers to 
better security.

Mr. Murray was surprised to find that 61 per cent of Canadian 
respondents surveyed have limited or no security training for the 
end-users of technology their employees.

"Over the long term, organizations need to create a culture of security 
in the workplace, where employees recognize the threats to their 
organization's information security and how they can combat them," he 
says.

When it came to staffing, almost two-thirds of Canadian organizations 
were found to be dedicating two or less full-time employees or 
equivalents to information security. The global average was 55 per cent.

Less than a third of Canadian respondents said their physical and IT 
security functions report to the same executive leader.

"Information security teams need to align with physical security 
personnel to protect a business. The two areas can no longer work in 
isolation," Mr. Murray says.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Thu Sep 28 2006 - 00:31:44 PDT