Information Security Drives Business Improvements

by Sunil Kumar    Dec 22, 2006

Ernst & Young’s 9th Annual Global Information Security Survey recognized information security as a driver of business improvement but companies need to do more to improve its posture in global business environment.

The key findings of the survey include that the boardroom risk agenda is privacy and personal data protection; also the most consumer-driven and a direct consequence of the outsourcing revolution.

The survey, “Achieving success in a globalized world - Is your way secure?” sought the views of nearly 1,200 senior information security professionals in 48 countries, with 144 respondents from India, represents multinational and local organizations.

The survey also says that among new technologies, removable media such as USB drives, web applications and wireless networks were rated as topmost security concerns respectively. Even as growth in third party outsourcing continues to accelerate, as many as 37% Indian respondents either do not address or have informal procedures for vendor risk management issues. While 44% respondents say they have formal procedures; 11% have got these validated by an independent agency. At a global level, 36% respondents had formal procedures and 6% had got these validated.

Nearly 60% of Indian respondents have reported formal procedures to address privacy and data protection issues, with 10% having been validated, compared to 52% and 6% respectively at the global level. The pressure to control and protect an individual’s personal information will only increase in the foreseeable future, making proactive involvement of information security in this area a priority, adds the survey. More than 30% of information security executives in India say they have adopted or plan to adopt (or become certified under) an information security standard.

Sunil Chandiramani, national director, risk & business solutions, Ernst & Young India says, “IT security is one of the larger areas of concern. There is also a concern of data privacy, a concern on the legislation of data, there is also a concern of web applications. While many parts of the world are working on mainframes, India has leapfrogged in adopting many new technologies and going ahead in adopting new technologies.”

Adds Chandiramani, “With rapid globalization of Indian business, we are seeing increasing integration of information security into both the overall risk management framework and the culture of the organisation. Though about a third of the companies are still not routinely reporting on information security to their boards, we expect increasing visibility on these issues from top management.”

Among new technologies, removable media such as USB drives, web applications and wireless networks were rated as the topmost security concerns respectively. Even as growth in third party outsourcing continues to accelerate, as many as 37% Indian respondents either do not address or have informal procedures for vendor risk management issues.

While 44 % respondents say they have formal procedures; 11% have got these validated by an independent agency. At a global level, 36% respondents had formal procedures and 6% had got these validated.