Top management more aware of cyber risks: survey

THE business use of IT, and the information security that comes with it, has now become a major focus for senior management, a new study shows.

Thirty-one per cent of respondents in Ernst & Young's (EY) 16th annual 2013 global information security survey say that the number of security incidents within their organisation has increased by at least 5 per cent over the past 12 months.

Many organisations have now realised the extent and depth of the threat posed to them, resulting in information security being "owned" at the highest level within 70 per cent of the organisations surveyed.

The global survey tracks the level of awareness and action by companies in response to cyber threats, and canvasses the opinions of more than 1,900 senior executives.

This year's results show that, as companies continue to invest heavily to protect themselves against cyber-attacks, the number of security breaches is on the rise and it is no longer a question of if, but when, a company will be the target of an attack.

The survey also shows that with information security functions not fully meeting the needs in 83 per cent of organisations, 93 per cent of companies globally are maintaining or increasing their investment in cyber-security to combat the ever increasing threat from cyber-attacks.

Paul van Kessel, EY global risk leader, noted that this year's survey shows that organisations are moving in the right direction, but more still needs to be done urgently.

"There are promising signs that the issue is now gaining traction at the highest levels. In 2012, none of the information security professionals surveyed reported to senior executives. In 2013, this jumped to 35 per cent," he said.

Ken Allan, EY global information security leader, added: "Cyber-crime is the greatest threat for organisations' survival today. While budget allocations towards security innovation are inching their way up, enabling organisations to channel more resources towards innovating solutions that can protect them against the great unknown - the future - many information security professionals continue to feel that their budgets are insufficient to address mounting cyber risks."

Gerry Chng, EY's Asean information security leader, added that with all the recent news on cyber-attacks, information leakages, new regulations and emerging technologies, organisations need to start doing more by rethinking how they are dealing with the challenges.

The survey notes that, despite half of the respondents planning to increase their budget by 5 per cent or more over the next 12 months, 65 per cent cite an insufficient budget as their No 1 challenge to operating at the levels the business expects; and, among organisations with revenues of US$10 million or less, this figure rises to 71 per cent.

Of the budgets planned for the next 12 months, 14 per cent are earmarked for security innovation and emerging technologies.

As current technologies become further entrenched in an organisation's network and culture, organisations need to be aware of how employees use the devices, both in the workplace and in their personal lives.

This is especially true when it comes to social media, which respondents identified as an area where they continue to feel unsure of their capability to address risks.