Security Strategy

"Irresponsible" security policies threaten UK businesses

Security is for other people...

By Graham Hayday

Published: 12 March 2002 15:30 GMT

Barely 50 per cent of UK companies have business continuity plans in place - a situation that's unlikely to improve unless security is treated as a business issue.

Ernst & Young's Global Information Security Survey 2002, out today, shows just 53 per cent of companies have such plans. More alarming still, only 49 per cent of these have been tested.

Much of the activity that is taking place is in what Ernst & Young regards as the 'basics' of information security, such as firewall management and anti-virus protection.

Forty per cent of companies do not investigate security incidents at all, despite warnings that security breaches often result in the creation of 'back doors' for malicious use later.

Furthermore, only 81 per cent of the companies surveyed employ anti-virus procedures, a meagre 72 per cent have implemented access management and just 66 per cent have firewall management.

Security experts agree that these figures should be nearer the 100 per cent mark.

Ernst & Young believes the way information security is approached within businesses leaves much to be desired, as it is often marginalised as a straight IT issue. Only 29 per cent of the companies surveyed by the consultancy treat business continuity planning as a business unit expenditure.

Forty-five per cent indicated that the expense is borne by the IT budget, indicating that many organisations still perceive business continuity as the responsibility of IT and not an essential component of corporate strategy.

Ernst & Young claims it is "irresponsible" not to place information security on the boardroom agenda.

Jan Babiak, managing partner of Ernst & Young's UK Information Security Practice, said: "An organisation's information security strategy must extend beyond the technical solution to include sound consideration of the nature of the business risks and the culture."

She added: "It must be informed and objective and must drive tactical and operational decisions in all business areas if it is to be of real value today. Getting this right can mean the difference between success and failure."

Ernst & Young surveyed 459 CIOs, IT directors and business executives in UK companies.

For more information, see http://www.ey.com/uk
