2013-11-05
Abstract
Only 17% of respondents in Ernst & Young survey say their company’s information security function fully meets the needs of their organization.
Copyright © 2013 Virus Bulletin
Only 17% of respondents in Ernst & Young (EY)’s 16th annual global information security survey said they felt that their company’s information security function fully meets the needs of their organization. More than 1,900 information security executives across 25 industry sectors and in 64 countries took part in the survey, which was conducted between June and July this year.
While some of the survey’s findings were encouraging – with many organizations seeing increased investment in information security – 65% of respondents still cited budget constraints as the biggest obstacle to delivering value to the business, and 50% of respondents said they felt that a lack of skilled resources stood in the way of addressing their organization’s security needs.
With phishing and targeted attacks rife, ongoing security awareness training is one way organizations can improve the chances of employees spotting social engineering attacks – so it was a surprise that only 23% of respondents ranked employee security awareness training as a high priority, with an even more surprising 32% of respondents ranking it as their lowest priority.
The survey’s authors concluded that organizations need to place more emphasis on improving employee awareness, increasing budgets and devoting more resources to innovating security solutions.
