PwC: UK lags global partners on data protection
Printer friendly
UK public sector organisations are losing ground to those in many of their major overseas trading partners when it comes to protecting and securing data, says a new survey of more than 7,000 information security professionals across the globe.
Some 49% of respondents polled in the 7th annual ‘Global State of Information Security Survey', carried out in conjunction with CIO and CSO magazines, did not know how many security incidents their organisations had experienced over the last 12 months, compared to only 7% in China.
Only 37% of UK respondents said their organisation had an accurate inventory of where sensitive data was stored. Just 37% said they employ a Chief Information Security Officer, only 47% have a disaster recovery plan; both figures are significantly higher in the US.
Globally, 12% of respondents believe spending on information security will be cut over the next 12 months, up from 5% last year. But 63% believe that spending will stay the same or increase, providing some evidence that information security budgets are safe, for now.
William Beer, director, One Security practice, PricewaterhouseCoopers LLP, said the recession means all budgets are under pressure but many companies know that now is not the time to slash their security spend.
There are a host of new and emerging threats that range from complex malware to attacks from cyber-criminals and e-espionage, all of which can result in material loss and reputational damage.
Beer added: 'We are also aware that, at a senior level, the UK is anxious about moving to digital business models, where core information assets, such as customer data and intellectual property, may be shared with business partners and outsourced suppliers, often in other countries. This adds another dimension to the risks involved.'
Other findings from the global survey show that 40% of respondents believe that threats to the security of their companies' information has increased over the last year and, of those, a similar proportion say risks have increased due to employee lay-offs as a result of the economic recession.
The list of new investments in the information security area is topped by the increasing use of biometrics, especially in China, where 69% of respondents reported they were used to protect information, compared to just 22% in the UK.
Another new trend is the growth in the number of employees accessing social networks from work and the risks this behaviour brings with it. 40% report that their organisations have security technologies that support Web 2.0 exchanges such as social networks, blogs and wikis. In addition, approximately one third audit and monitor networking postings to external blogs or social networking sites, while 23% have security policies to address this.
When asked what they thought were the biggest priorities to continue meeting their security objectives, respondents highlighted the need for an increased focus on data protection and a more intelligent prioritisation of security investments based on risk.
Jon Hayton, a director in PwC's forensic investigations team, said: 'The findings from this survey match what we are hearing from our clients in the UK. It is good news that companies have chosen not to slash security budgets. Good security practice needs to be embedded into the DNA of a business, not bolted on as an afterthought. Unfortunately there are many organisations where this is still the case.
This makes their security performance very fragile. When it goes, it can go very quickly. I have seen good security practices fall apart in months."
- Login or Register to comment
- Add to a social bookmarking site
Editor's Manifesto: Tales of the entirely expected
"Several weeks into the new era of Coaltiion Government and certain key themes are emerging. First up, it's clear that the battle of the 'who can get their memoirs out the door quick enough to steal a march in the revisionist history stakes' has been triumphantly won by M'Lord Mandelson (Weren't those TV ads scary – the velvet smoking jacket, the leather fireside chair, all that Brillcream! The only thing missing was the theme tune to Tales of the Unexpected and the accompanying prancing sillouette of Harriet Harman or Diane Abbott dancing!)” Read more
The Dispatch Box: Data quality and the public sector
Colin Rickard, managing director EMEA at SAS subsidiary Dataflux, argues public sector data must be of high quality if the efficiencies promised with ICT and infrastructure is to be realised.
"Tackling the public sector’s data integration and data quality challenges is a tough prospect. The challenge may require more effort than a comparative project in a large private company. Data must be governed according to a strategy that necessitates bringing interested parties together.” Read more
Innovation: A step too far in the austerity age?
Complete and enter our draw to win a free seat at the e-Government Awards. The public sector is already perceived to be lacking in innovation, but is that a fair assessment, and what role could it play in helping the government meet efficiency targets? What do people working on the frontline of ICT in public sector organisations think? Take part and share your views
James Gardner, CTO at the Department for Work and Pensions discusses his thoughts on innovation in the public and commercial sectors.
Source: K2 Advisory