93pc of firms worldwide plan to beef up IT security measures

10 Dec 2013

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

With cybercrime now representing one of the leading threats to businesses today, 93pc of companies globally plan to maintain or increase their investment in cybersecurity.

A new global study by Ernst & Young (EY) of 1,900 senior executives in 64 countries found that 83pc of organisations claim their information security functions are not meeting their needs.

Austerity measures brought on by the global economic crisis have increased the risk of security breaches, such as those involving bank accounts or payment card data.  

The study makes interesting reading in light of the recent hack attacks by cyber-criminals that exposed the data of thousands of SuperValu and Axa loyalty scheme customers.

Despite half of the respondents planning to increase their budget by 5pc or more in the next 12 months, 65pc cite insufficient budgets as their No 1 challenge in order to operate at the level business expects.

This challenge exists against a backdrop where 65pc of Irish organisations cite an increase in external security threats and 35pc of Irish organisation cite an increase in internal vulnerabilities in the past year.

“The ever-increasing reliance of business on IT, rising complexity in supply chains, rapid changes in technology and an aggressive cyberthreat environment mean that this issue is going to get worse before it gets better,” said Ivan O’Brien, director at EY Advisory Services.

“It is no longer a question of if, but when, a company will be the target of cyberattacks.”

Security is a business problem, not a technology problem

While most global organisation still have information security reporting to IT (globally, 62pc v 59pc in Ireland) almost half (46pc) of global respondents have information security reporting to the CIO, whereas in Ireland this figure was about half that at 24pc.

“This reinforces the idea that security is a technology issue rather than a business problem. Reporting within the CIO or risk domain would arguably help bring security closer to the business and make it more directly involved in supporting the business strategy,” said Hugh Callaghan, director, EY EMEIA Financial Services Advisory.

“Ireland is rightly making a big economic play in the high-tech and software sectors, but in order for this to be sustainable it has to be built on solid foundations of strong cybersecurity.

“When it comes to cybersecurity, Ireland’s top 3 inhibitors are budget constraints, governance issues and lack of executive awareness and support.

“This could indicate that despite frequent reporting to senior management, information security functions still aren’t receiving the support they need to be effective,” Callaghan added.

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com