Does business understand IT security?
Posted on 28 March 2014.
The role of IT security is still not well-understood by business, according to a new survey by Turnkey Consulting.

The survey asked IT professionals about their organization’s position with regard to investment in IT and systems security and responses revealed that:
  • 17.5% believe it is perceived as an unnecessary expense only undertaken to keep auditors happy, up from 12.2% in 2012.
  • 37.5% say it is seen essential business practice that can deliver ROI, but this was down from 43.9% in 2012.
This is despite over two thirds (71.8%) of respondents saying that the IT security risks their organizations face from external sources has increased. In addition:
  • 38.2% of respondents had experienced a fraud incident in 2013, up from 31.3% in 2012.
  • In the past year, 30% had experienced a data loss that affected business operations, up from 17.1% in 2012.
Research also indicated that there is on ongoing reluctance to regard IT security as a business issue:
  • 57.5% of respondents believed their organization saw it as everyone’s responsibility, down from 64.6% in 2012.
  • 40% of respondents reported that their organization regarded IT and systems security as the sole responsibility of IT, up from 28% in 2012.
However, 55% of respondents said they used some automated controls, designed to prevent or detect exceptions in a business process, and planned to increase the number. This figure was up from 50% in 2012.

“It is concerning to see that IT security is still not perceived as an integral part of the business,” says Richard Hunt, managing director of Turnkey Consulting. “Corporate SAP systems are accessed from an increasing number of touchpoints, both inside and outside the organization as employees adopt mobile working, and enterprises look to enhance third party relationships with suppliers and customers. This streamlines business processes, but it increases the risk to the enterprise. To tackle this, an end-to-end approach to security is required to fully secure the organization’s systems and data.”





Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals it’s our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //