The rise in global security incidents, diminished budgets and degrading security programmes has left organisations to deal with security risks that are neither well-understood nor consistently addressed. But executives around the world are confident that they are winning the high stakes game of information security despite the growing number of obstacles, according to The Global State of Information Security Survey 2013 published by PwC in conjunction with CIO and CSO magazines.
According to the 10th annual survey, the general mood among global executives is largely optimistic. The majority of respondents said they are very or somewhat confident their organisations have instilled effective information security behaviours into their culture (68 per cent), and are very or somewhat confident their information security activities are effective (more than 70 per cent).
Yet, while nearly half of respondents (42 per cent) view their organisation as a front-runner in information security strategy and execution, the survey finds that only eight per cent actually qualify as true information security leaders.
According to PwC, ‘leaders’ are defined as companies that have a chief information security officer (or CISO equivalent) who reports to the organisation’s top executives, have an overall information security strategy in place, have measured and reviewed the effectiveness of their security in the last year, and understand exactly what types of security events have occurred.
“Security models of the past decade are no longer effective. Today’s rapidly evolving threat landscape represents a danger that shows no signs of diminishing, and businesses can no longer afford to play a game of chance,” said Mark Lobel, a principal in PwC’s Advisory practice. “Companies that want to be information security leaders should prepare to play a new game – one that requires advanced skills and strategy to win against emerging threats.”
As mobile devices, social media, and the cloud become commonplace inside the enterprise and out, technology adoption is moving faster than security. PwC has found that 88 per cent of consumers use a personal mobile device for both personal and work purposes, yet only 45 per cent of companies have a security strategy to address personal devices in the workplace and 37 per cent have malware protection for mobile devices.
Despite an increase in the number of respondents reporting safeguards in place for mobile, social media, cloud computing, and policies covering the use of employee-owned devices, only 44 per cent report having a mobile security strategy and less than 40 per cent have strategies for the cloud and social media. These numbers lag the adoption rates of the technologies themselves.
The report is available at www.pwc.com/giss2013.