http://www.ottawabusinessjournal.com/287132340207207.php By Ottawa Business Journal Staff Sep 27, 2006 A global survey has found Canadian companies are more concerned with protecting their reputations than their global competitors when they spend on information security. According to the 2006 Global State of Information Security survey, 53 per cent of Canadian companies surveyed said their reputation was driving their information security spending. The global average was 41 per cent. "Poor information security that loses data such as customer profiles can seriously affect a company's brand," says Greg Murray of PricewaterhouseCoopers. "The cost of handling the public relations issues associated with losing customer identities can be devastating." The survey includes the responses of almost 7,800 senior executives at companies in more than 50 countries. Two hundred and fifty Canadian organizations of various sizes participated, representing a wide range of sectors. The study found that 67 per cent of Canadian organizations actively engage both business and IT decision-makers in addressing information security issues, compared to 52 per cent worldwide. However, organizations are still relying too much on funding from their IT budgets to pay for overall security. "In some areas, Canadian companies have recognized that all business units should contribute to the information security budget," Mr. Murray says "Unfortunately, many organizations continue to rely on IT dollars to fund security and a better balance is needed. All departments are affected by breaches to information security it's much more than just an IT issue, it's a business issue." When it comes to overall spending, 48 per cent of companies said their information security budgets will increase in 2006, while 42 per cent said it will stay the same. Limited budgets and a limited number of staff dedicated to security were identified as the top two barriers to better security. Mr. Murray was surprised to find that 61 per cent of Canadian respondents surveyed have limited or no security training for the end-users of technology their employees. "Over the long term, organizations need to create a culture of security in the workplace, where employees recognize the threats to their organization's information security and how they can combat them," he says. When it came to staffing, almost two-thirds of Canadian organizations were found to be dedicating two or less full-time employees or equivalents to information security. The global average was 55 per cent. Less than a third of Canadian respondents said their physical and IT security functions report to the same executive leader. "Information security teams need to align with physical security personnel to protect a business. The two areas can no longer work in isolation," Mr. Murray says. _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Sep 28 2006 - 00:31:44 PDT