CIOs, CSOs grappling to adopt security practices

by CXOtoday News Desk    Oct 30, 2012

cloud securityIn the ever complex business environment dominated by cloud computing, social media and tablet PCs, CIOs and CSOs are grappling to adapt to newer security practices, according to a survey by research firm Ernst & Young.

The survey revealed that cloud computing has become one of the main drivers of business model innovation and IT service delivery. Nearly 38 percent CIOs and CSOs said that they have not taken any measures to mitigate risks even though they have adopted this technology. Most businesses do use social media for various purposes, but another 38 percent said that they have not adopted any specific measure to address risk. For example, protecting organization’s brand or calculating the time employees engage in social media, etc.

The survey that included CIOs and CSOs from across industry sectors such as finance, insurance, IT and hi-tech forms, retail, utility and government, noted that 31 percent respondents witnessed a rise in the number of security incidents in 2012 compared to the previous year.

Other emerging technologies CIOs find are the key drivers in the process that are compelling them to adopt stringent security measures are mobile devices, such as tablets and smartphones. Over 30 percent said that employees are allowed to use only company-owned mobile devices and they have acquired mobile-device management software. Encryption plays a vital role to more than 40 percent of the respondents.

In terms of budgets, in the next one year, nearly 30 percent expect to increase their information security funding from 5 to 15 percent and one tenth of the respondents expect a budget increase of over 25 percent. Security budgets are expected to remain the same for the 44 percent respondents. About one third said they spend at least $1 million per year on information security.

For 50 percent respondents, the highest priority area include business continuity and management as well as disaster recovery and most importantly a redesign of their information security program, as per the survey. From this perspective, the study brings out the existing gap between the CIOs and CISOs adopting cloud computing and tablet. But more than half of the respondents said that they plan to spend more to secure new technologies.

Getting IT pros with the right security skillset is another major challenge. nearly 43 percent of respondents said finding the right people with the right skills and training to handle information security jobs is a challenging task. the survey also revealed that in the past one year, maximum threats or vulnerabilities have been cause by careless or unaware employees followed by cyber attacks to steal financial information.