

Compliance Pays-off in Information Security

14 November 2006
Media Release

Complying with Regulations Pays-off in Information Security

Information Security is increasingly recognised as an enabler of business improvement, says Ernst & Young’s 9th Annual Global Information Security Survey, with regulatory compliance the top driver in improving information security within organisations.

The survey, Achieving success in a globalised world – Is your way secure? sought the views of nearly 1200 senior information security professionals in 48 countries, as well as benchmarking the current information security practices of more than 350 organisations in 38 countries.

There is emphatic agreement – by almost 80% of survey participants – that efforts and activities undertaken to achieve regulatory compliance have actually improved companies’ information security.

Susan Steedman, Ernst & Young New Zealand’s national practice leader for Risk Advisory Services, comments, “The survey identifies five major information security priorities in which companies are showing significant progress, but also where continuous improvements are necessary to keep pace with the growing requirements of effective risk management.

“For New Zealand companies, compliance and third party risk are the most notable priorities,” says Susan.

“The limited availability of experienced and well-trained security practitioners in New Zealand puts a greater emphasis on New Zealand organisations rationalising and optimising their security compliance efforts as part of normal operations. It also heightens the need for proactive management of third party providers of security related services.”

Third-Party Risk

Only one-third of survey participants say they have formal procedures in place for vendor risk management. Vendors themselves are expected to spend more time over the next year complying with information security certification requirements.

The survey also shows companies have inconsistent policies and procedures in place to manage these relationships. More than 50% of survey respondents say they address the issue of vendor risk only informally, or not at all. Just 14% of organisations require their vendors to have an independent review of their information and privacy practices against leading practices.

“Overall our 2006 Global Information Security Survey confirms that information security has never been more important,” Susan concludes.

“It shows that many companies are making significant progress in mitigating risk by strengthening their information security. This is due to greater investments, greater board involvement, positive influences of regulatory pressures and maturity in information security leadership. However, the dynamics of risk require continuous improvements and updates to information security measures.”

Five Major Priorities for Information Security

Based on its latest survey and the results from previous years, Ernst & Young has identified five major priorities for information security, where progress has been made but where there is an ongoing need for continuous improvement. These are:

Integrating information security with the organisation: embedding information security into the mainstream of the business with increased visibility and resources.

Extending the impact of compliance: shifting attitudes from compliance as a distraction to being an enabler, bringing advances in risk-based security for organisations.

Managing the risk of third party relationships: recognising the challenges, issues and actions needed to manage the risks with global suppliers and outsourced partners.

Focusing on privacy and personal data protection: taking a proactive and comprehensive approach to mitigating the risks related to privacy and personal data protection.

Designing and building information security: using externally imposed compliance deadlines and security incidents as a catalyst for proactive investments in stronger capabilities and defenses.


In Brief: Some Other Key Survey Findings

Other positive trends in information security:
Forty-three percent in 2006, compared with 40% in 2005, say information security is integrated with their organisations’ risk management programs and processes.
This year’s survey suggests that companies’ information security policies, roles and responsibilities are not only reasonably well-developed, but also more clearly and effectively communicated and understood by employees.
Increasingly, information security outsourcing is a topic in corporate outsourcing discussions, driven in part by the limited availability of experienced and well-trained security practitioners.
More than half of survey participants confirm their compliance work is part of an integrated organisation-wide compliance effort and risk management framework.
Over the next year, after working on compliance and privacy, more survey participants say they will be working proactively to help their organisations meet global business objectives.
Nearly 80% of survey respondents have identified and prioritized critical business processes as part of their business continuity plans; three quarters of them have undertaken an IT risk assessment in developing their plans.
Nearly half of information security executives say they have adopted or plan to adopt an information security standard.

Other areas for continuous improvement:
More than half of survey participants have yet to take steps to integrate information risk management into their overall risk management activities.
Over 40% of survey participants indicate they are not reporting about information security issues to their board of directors and business unit leaders on a regular basis.
Only half of organisations have their information security function proactively involved in achieving regulatory compliance.
Information security is least proactive today when addressing new technologies.
One-third of survey respondents say disaster recovery timescales have not been agreed to with the business, only half of business continuity plans have been tested, just over half of organisations have agreed on escalation procedures in response to a disaster, and less than half have developed an internal and external communication strategy for business continuity.


© Scoop Media
