The 2009 Global Security Survey authored by Ernst & Young has raised awareness of the fundamental security concerns held by thousands of senior executives. The most pronounced fears surrounded the possibility of security breaches instigated by disenfranchised former employees. Over 40% of those questioned reported that they had been compelled to analyse the risk of such eventualities, whilst a further 25% are building active defences against them.
The survey also revealed the continuing issues caused by inadequate IT security budgets. The figures suggest that his problem is getting worse, not better. Over 50% of respondents claimed that their IT security budgets left little or no margin with which to tackle potential threats effectively. This is an increase of nearly 20% against the equivalent response in last year’s Global Security Survey. Half of the IT professionals said that, despite their concerns, their IT security budgets would not increase over the coming year, whilst 40% believed that they would be benefiting from a bigger budget.
Ernst & Brown’s senior IT risk advisor Richard Brown laid out his own analysis of the statistics. In order to combat the threat of vengeance-seeking redundant employees, Brown recommended risk assessment and appropriate measures based on the response to the potential risks.
Obviously there must be contingencies in the budget in order to facilitate such action, which is impacted by the second revelation of the survey. Brown admitted that in order to properly counter the various IT security risks, professionals in the field will need to look to improvements in efficiency rather than to bigger budgets. He pointed out that data security is not independent of external economic factors and as such spending increases could not be relied upon to provide the solution.
With 55% of the survey’s participants blaming regulatory compliance for significant increases in their spending, it seems that more industry cohesion is needed to better combat security threats. The survey did at least bring good news for those in the data protection industry, as 40% of the IT professionals questioned said that they considered the prevention of data leakage to be a primary concern.
