Businesses Failing to Protect Against Potential Security Threats
Lack of budget and skills cited as main obstacles facing organisations.
New research has found that businesses aren't taking the steps needed to adequately protect themselves against future security threats.
According to Ernst & Young's 15th Global Information Security Survey 2012, 77 percent of respondents have experienced an increase in the number of external attacks, up from 72 percent in 2011 and 41 percent in 2009.
During the same period, businesses have also experienced an increase in internal vulnerabilities. 46 percent of participants said they have noticed an increase, while 37 percent named unaware or careless employees as the threat that has increased the most over the past year.
Nearly two-thirds (64 percent) of companies have no robust security foundation implemented. 45 percent admitted that the business only discusses information security issues once a year with its board.
Ernst & Young said one of the reasons for the rise in attacks was the introduction of new technologies including cloud computing and Bring Your Own Device (BYOD), which organisations are utilizing in an effort to reduce overall costs.
20 percent of businesses have not taken any measures to reduce the security risks, such as utilizing encryption techniques. The report also points to two predominant reasons: a lack of security budget and a lack of skills within the company.
61 percent of companies surveyed mentioned budget constraints as the main problem facing their information security strategy, while 57 percent pointed towards the lack of specialist skills.
"The results of our survey point at two necessary changes. On the one hand, businesses need to understand that information security can no longer simply be an IT issue," said Mark Brown, Director of Information Security at Ernst & Young. "They need to transform their perception of information security and make it a board sponsored topic that is eventually embedded in the core strategy of a business."
"On the other hand, we need to look at the bigger picture – that of the lack of specialist skills. Since the late 1990s the number of UK-born graduates studying mathematics and science degrees has fallen by almost 70%. This has led to an increasing shortage in relevant skills and has put the UK's efforts to tackle growing cyber security risks on the back foot," he concluded.