

Compliance Pays-off in Information Security

14 November 2006
Media Release

Complying with Regulations Pays-off in Information Security

Information Security is increasingly recognised as an enabler of business improvement, says Ernst & Young’s 9th Annual Global Information Security Survey, with regulatory compliance the top driver in improving information security within organisations.

The survey, “Achieving success in a globalised world – Is your way secure?”, sought the views of nearly 1200 senior information security professionals in 48 countries, as well as benchmarking the current information security practices of more than 350 organisations in 38 countries.

There is emphatic agreement – by almost 80% of survey participants – that efforts and activities undertaken to achieve regulatory compliance have actually improved companies’ information security.

Susan Steedman, Ernst & Young New Zealand’s national practice leader for Risk Advisory Services, comments, “The survey identifies five major information security priorities in which companies are showing significant progress, but also where continuous improvements are necessary to keep pace with the growing requirements of effective risk management.

“For New Zealand companies, compliance and third party risk are the most notable priorities,” says Susan.

“The limited availability of experienced and well-trained security practitioners in New Zealand puts a greater emphasis on New Zealand organisations rationalising and optimising their security compliance efforts as part of normal operations. It also heightens the need for proactive management of third party providers of security related services.”

Third-Party Risk

Only one-third of survey participants say they have formal procedures in place for vendor risk management. Vendors themselves are expected to spend more time over the next year complying with information security certification requirements.

The survey also shows companies have inconsistent policies and procedures in place to manage these relationships. More than 50% of survey respondents say they address the issue of vendor risk only informally, or not at all. Just 14% of organisations require their vendors to have an independent review of their information and privacy practices against leading practices.

“Overall our 2006 Global Information Security Survey confirms that information security has never been more important,” Susan concludes.

“It shows that many companies are making significant progress in mitigating risk by strengthening their information security. This is due to greater investments, greater board involvement, positive influences of regulatory pressures and maturity in information security leadership. However, the dynamics of risk require continuous improvements and updates to information security measures.”

Five Major Priorities for Information Security

Based on its latest survey and the results from previous years, Ernst & Young has identified five major priorities for information security, where progress has been made but where there is an ongoing need for continuous improvement. These are:

Integrating information security with the organisation: embedding information security into the mainstream of the business with increased visibility and resources.

Extending the impact of compliance: shifting attitudes from compliance as a distraction to being an enabler, bringing advances in risk-based security for organisations.

Managing the risk of third party relationships: recognising the challenges, issues and actions needed to manage the risks with global suppliers and outsourced partners.

Focusing on privacy and personal data protection: taking a proactive and comprehensive approach to mitigating the risks related to privacy and personal data protection.

Designing and building information security: using externally imposed compliance deadlines and security incidents as a catalyst for proactive investments in stronger capabilities and defenses.


In Brief: Some Other Key Survey Findings

Other positive trends in information security:
Forty-three percent in 2006, compared with 40% in 2005, say information security is integrated with their organisations’ risk management programs and processes.
This year’s survey suggests that companies’ information security policies, roles and responsibilities are not only reasonably well-developed, but also more clearly and effectively communicated and understood by employees.
Increasingly, information security outsourcing is a topic in discussions of corporate outsourcing, driven in part by the limited availability of experienced and well-trained security practitioners.
More than half of survey participants confirm their compliance work is part of an integrated organisation-wide compliance effort and risk management framework.
Over the next year, after working on compliance and privacy, more survey participants say they will be working proactively to help their organisations meet global business objectives.
Nearly 80% of survey respondents have identified and prioritized critical business processes as part of their business continuity plans; three quarters of them have undertaken an IT risk assessment in developing their plans.
Nearly half of information security executives say they have adopted or plan to adopt an information security standard.

Other areas for continuous improvement:
More than half of survey participants have yet to take steps to integrate information risk management into their overall risk management activities.
Over 40% of survey participants indicate they are not reporting about information security issues to their board of directors and business unit leaders on a regular basis.
Only half of organisations have their information security function proactively involved in achieving regulatory compliance.
Information security is least proactive today when addressing new technologies.
One-third of survey respondents say disaster recovery timescales have not been agreed to with the business, only half of business continuity plans have been tested, just over half of organisations have agreed on escalation procedures in response to a disaster, and less than half have developed an internal and external communication strategy for business continuity.


© Scoop Media
