Irish firms not proactive in protecting data

22 Jan 2008

Irish companies view privacy and data protection less seriously than our international counterparts, the 10th annual Ernst & Young Global Information Security Survey has found.

While 57pc of global survey respondents ranked privacy and data protection among the top three drivers of information security, only 25pc of Irish respondents viewed these as a top driver.

Irish organisations also ranked lower when it comes to being proactive in managing privacy and data protection: less than half (44pc) described their approach to this area as proactive compared with over three quarters (76pc) of global respondents. Almost one fifth (19pc) of Irish information security personnel reported having no involvement in managing privacy and data protection compared with a global figure of 4pc.

Most Irish organisations (74pc) ranked compliance as the primary driver of information security improvements.
“While our survey shows that Irish organisations compare favourably overall to global security trends, it is a concern that data privacy and protection has not been identified as an area of focus,” said Pat Moran, a partner in Ernst & Young’s Risk Advisory Services practice. “This could be an indication that data is not being appropriately secured and that Irish organisations are at risk from a data leak similar to those incidents in the UK that have been widely reported recently.

“The challenge for Irish organisations is to ensure they are proactive in addressing data privacy and protection so as to alleviate their customers’ concerns in this area. With the increasing public interest in this topic, there is an opportunity for organisations to stand out in the marketplace by demonstrating a strong commitment to the privacy and protection of customer data. There is an increase in public awareness of this issue but it does not appear to be currently a priority for Irish organisations.”

The survey found that information security is increasingly being integrated into overall risk management within businesses. Some 87pc of respondents reported at least some levels of integration.

Some 63pc of Irish respondents felt information security improves IT and operational efficiencies. This is in sharp contrast to previous years, when information security was viewed as a barrier to IT and operational efficiency.

However, the survey results uncovered a worrying separation between the information security function and the strategic decision-making process. Some 38pc of information security personnel never meet with their board or audit committee. While involvement with corporate officers and business unit leaders continues to increase, it does so at a slow pace, with the majority meeting less than once a quarter.

Irish respondents cited the availability of experienced and trained resources as the greatest challenge to delivering information security projects. Some 69pc cited this as a problem. All respondents said they are outsourcing certain elements of information security as a result.

The survey canvassed nearly 1,300 senior executives in more than 50 countries to explore the information security issues faced by businesses today.

By Niall Byrne