Security incidents up for 21% of Canadian businesses: Ernst & Young survey
Canadians lag behind global counterparts in IT risk spending
TORONTO, Nov. 19, 2012 /CNW Telbec/ - With 21% of Canadian businesses surveyed
seeing more IT security incidents in the last year, companies here need to
fundamentally change the way they're approaching this kind of risk, Ernst &
Young says in a new report.
What's more, investment in the area of information security lags behind global
trends. In Fighting to close the gap: Ernst & Young's 2012 Global Information
Security Survey, the firm finds that Canada is lagging behind most countries
in security innovation, with little more than 5% of spending invested in new
technologies and management processes targeting information security over the
last 12 months.
"In recent years, businesses have made significant moves to respond to
information security threats by addressing vulnerabilities with increased
resources, training, governance and integration," says Rafael Etges, Ernst &
Young's Information Security Practice Leader in Toronto. "But with better
technology and smarter attacks occurring in greater numbers, short-term
solutions and incremental changes are not enough. What we need now is a
fundamental business transformation to close the gap."
With a primary focus on security operations and maintenance rather than on
innovation, only 36% of Canadian respondents indicate that their function
fully meets their need. "Today in Canada, information security functions are
fixing problems that are three to five years old, and the gap between what
they are doing and should be doing has widened," notes Etges.
In the fight to close the gap between vulnerability and security, Etges
believes the information security agenda should no longer be IT led, but
rather focused on the overall business strategy. It requires a fundamental
business transformation, which can be achieved through the following four key
1. Link information security strategy to the business strategy: Right
now in Canada, 42% of respondents don't have information security
strategies. Moreover, a significant number of respondents don't
have threat intelligence programs, or assurance that their
security vendors are doing what they are supposed to be doing.
2. Redesign the architecture: The successful approach will
demonstrate how information security can deliver business results,
allowing for innovation and incorporating new technologies.
3. Execute the transformation successfully and sustainably: Involve
leaders in defining the future state, and involve the entire
organization in owning the future state. Provide execution support
down the road, and be transparent with challenges and fixes.
4. Conduct a deep dive into the opportunities — and the risks
— presented by new technologies: Take a 360Ú look at new
technologies such as social media, big data, cloud and mobile
technologies to identify and offset the associated risks.
To read the complete survey findings and recommendations for organizations,
About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory
services. Worldwide, our 167,000 people are united by our shared values and an
unwavering commitment to quality. We make a difference by helping our people,
our clients and our wider communities achieve their potential.
For more information, please visit ey.com/ca.
Ernst & Young refers to the global organization of member firms of Ernst &
Young Global Limited, each of which is a separate legal entity. Ernst & Young
Global Limited, a UK company limited by guarantee, does not provide services
Julie Fournier firstname.lastname@example.org 514 874 4308
Sarah Shields email@example.com 604 648 3607
Erika Bennett firstname.lastname@example.org 416 943 5497
SOURCE: ERNST & YOUNG
To view this news release in HTML formatting, please use the following URL:
CO: ERNST & YOUNG
NI: INS ECOSURV LABOR LBR
-0- Nov/19/2012 13:55 GMT
Press spacebar to pause and continue. Press esc to stop.