Security detail
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Investigating the adoption of security precautions
New research from Information Age identifies the security practices, processes and technologies that organisations are adopting to protect their information
Security breaches that gravely tarnish the reputation of a well-known business are now a weekly, if not daily, occurrence.
It was electronics giant Sony’s misfortune that dominated the headlines in April 2011, after hackers stole a staggering 100 million customers’ details.
Just weeks before, brands as high powered as JPMorgan Chase and McKinsey were affected when a marketing agency’s email list was hacked.
Little wonder, then, that information security is an issue that preys on the minds of business executives, fearful that it might be their turn next to apologise for failing to prevent a data breach.
And yet, it is a topic that organisations rarely speak about publicly. This is perhaps with good reason – no-one wants to advertise the weaknesses of their security precautions to would-be hackers, and nor do they want to provoke them with boastful claims.
But this means that it can be difficult for organisations to benchmark their security precautions against those of their peers. This arguably makes it more difficult for good security practices to become widespread.
Information Age, in partnership with security advisory firm Invictis, recently surveyed 333 IT, security and business executives in the UK about the security practices, processes and technologies that they use to safeguard their data.
The results of that survey are presented here, in the hope that they provide a useful, albeit informal, glimpse into the standard of information security practices as they stand today.
Security's standing
A simple but revealing question was to ask respondents how they rate their organisation’s overall security posture.
The large majority (74%) replied that they rate it either highly or extremely highly. Fewer than 3% considered their security posture to be below average.
This is not necessarily the statistical impossibility that it might seem – the survey may well have attracted a disproportionate number of respondents whose organisations are very good at security. However, it does suggest that UK organisations consider security to be an issue that is under control.
For whatever reason, respondents from the telecommunications sector were most likely to rate their security posture ‘extremely highly’ (58%), while respondents from the education sector were among the most likely to rate theirs as average or worse.
Organisations of more than 1,000 employees, and those of between 500 and 1000 employees, rated their security postures equally highly, while those of 500 or fewer were most likely to consider themselves ‘average’.
Three-quarters of organisations reported that there is a senior-level executive with specific responsibility for security. Quite logically, a smaller proportion of organisations with 500 or fewer employees have such an executive (60%) compared with larger organisations (80%) When asked whether security is adequately funded and/or resourced at their organisation, 41% of respondents replied yes to both. Almost as many (35%) said there are adequate funds but that ‘headcount is limited’.
Not surprisingly, those respondents who rated their security posture ‘extremely highly’ were the most likely to report that it is both well funded and well resourced.
NEXT>>> Information risk
