Brief

10th Annual Global Information Security Survey

Devendra Parulekar, Associate Director – Technology and Security Risk Services, Ernst & Young

Ernst & Young has released the 10th Annual Global Information Security Survey report that shows a growing number of organizations recognize that information security can do more than just protect corporate assets.

Releasing the survey report, Devendra Parulekar, Associate Director – Technology and Security Risk Services, Ernst & Young, said, “We have realized that the focus and drivers of information security may change over the years, but the need to protect information assets remains virtually important to businesses globally. Organizations are beginning to recognize that information security can deliver more than just protection for information.”

The survey, which was conducted between May and September last year, interviewed 1,300 senior executives in more than 50 countries with India emerging the second largest contributor with 114 respondents.

The integration of information security in the overall risk management function is on an increase amongst Indian organizations. The survey findings indicate that Indian companies are increasingly using information security and risk management in a more strategic role of addressing business objectives.

According to the survey, the number of organizations that have fully integrated the information security function into risk management operations has increased to 39 percent in 2007 from 19% in 2006. Compliance is a major driver in this integration as indicated by 50% of the respondents in India.

The importance of privacy and data protection are considered to be top drivers for information security. Majority of the respondents from the top management, including 73% of the CEOs and 64% of CIOs, place considerable importance on protecting privacy related information managed by their organization. Privacy and data protection have emerged as the top three drivers for information security as indicated by 58% of the respondents.

Improving IT and operational efficiency are emerging as important elements of information security as identified by 79% of Indian respondents, compared to 69% globally. Availability of experienced IT and information staff is the greatest challenge in delivering strategic information security projects. While 63% of Indian respondents indicated the use of third-party services for information security design, the global usage is higher at 75%.

Meeting business objectives is a growing focus of information security. In India 47% of respondents are inclined to towards trying to achieve this. Globally, the trend is moving towards business objective alignment and not just investing new technologies. The survey indicates a decrease in deploying new technologies from 24% in 2006 to 13% in 2007.

Information security is still limited to the IT department. The survey indicates that information security personnel are three times more likely to meet with IT department on a monthly basis than corporate officers and business unit leaders. The survey also points out that 32% of the information security organizations do not meet with their board of directors or audit committees.

Lastly, organizations are demanding more than vendors and business partners in managing third-party relationships. In India, 39% and globally 48% of companies felt that the vendors and business partners should have their own information security and privacy policies and procedures in place.