Companies need to get data security in order, says research
New research shows that organisations continue to struggle to manage data securely, prepare for potential crisis scenarios, and defend against hacking and other cyber threats, according to findings from the ‘2014 IT Security and Privacy Survey’ conducted by global consulting firm, Protiviti.
The third edition of this report contains insights from more than 340 CIOs, CSOs, IT directors, managers and IT auditors at companies with gross annual revenues ranging from less than $100 million to greater than $20 billion. According to a statement from the company, the findings identify gaps between where companies currently stand - and where they should be in relation to fundamental elements of IT security. The hard line is that many still fall short of important standard protocols for IT security and privacy.
“Companies need to take more action in relation to the risks they recognise to better protect their crucial data,” says Cal Slemp, managing director and global leader of the firm's IT security and privacy practice.
The research covers key themes and areas for consideration. These include the fact that organisations lack high confidence in their ability to prevent a cyber attack or data breach. While executive management has a higher level of awareness, there are lower confidence levels among IT executives and professionals in preventing an attack or breach. There is also a noticeable year-over-year jump in the number of organisations without a formal and documented crisis response plan to execute in the event of a data breach or cyber attack.
Regarding the correlation between board engagement and a stronger IT security profile, nearly three out of four boards have a good level of understanding about the organisation’s information security risks. Organisations whose boards are concerned with how the organisation is addressing its risks have significantly stronger IT security profiles. On the other hand, one in five boards appear to have a low level of engagement in how the company is addressing information security risks.
However, several companies appear not to have proper “core” data policies. One in three do not have a written information security policy (WISP). More than 40% lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and they carry considerable legal implications.
The 2014 IT Security and Privacy Survey can be found at www.protiviti.com/ITsecuritysurvey