Security incidents up for 21% of Canadian businesses: Ernst & Young survey

Security incidents up for 21% of Canadian businesses: Ernst & Young survey 
Canadians lag behind global counterparts in IT risk spending 
TORONTO, Nov. 19, 2012 /CNW Telbec/ - With 21% of Canadian businesses surveyed 
seeing more IT security incidents in the last year, companies here need to 
fundamentally change the way they're approaching this kind of risk, Ernst & 
Young says in a new report. 
What's more, investment in the area of information security lags behind global 
trends. In Fighting to close the gap: Ernst & Young's 2012 Global Information 
Security Survey, the firm finds that Canada is lagging behind most countries 
in security innovation, with little more than 5% of spending invested in new 
technologies and management processes targeting information security over the 
last 12 months. 
"In recent years, businesses have made significant moves to respond to 
information security threats by addressing vulnerabilities with increased 
resources, training, governance and integration," says Rafael Etges, Ernst & 
Young's Information Security Practice Leader in Toronto. "But with better 
technology and smarter attacks occurring in greater numbers, short-term 
solutions and incremental changes are not enough. What we need now is a 
fundamental business transformation to close the gap." 
With a primary focus on security operations and maintenance rather than on 
innovation, only 36% of Canadian respondents indicate that their function 
fully meets their need. "Today in Canada, information security functions are 
fixing problems that are three to five years old, and the gap between what 
they are doing and should be doing has widened," notes Etges. 
In the fight to close the gap between vulnerability and security, Etges 
believes the information security agenda should no longer be IT led, but 
rather focused on the overall business strategy. It requires a fundamental 
business transformation, which can be achieved through the following four key 
1. Link information security strategy to the business strategy: Right 

     now in Canada, 42% of respondents don't have information security
     strategies. Moreover, a significant number of respondents don't
     have threat intelligence programs, or assurance that their
     security vendors are doing what they are supposed to be doing.

  2. Redesign the architecture: The successful approach will
     demonstrate how information security can deliver business results,
     allowing for innovation and incorporating new technologies.

  3. Execute the transformation successfully and sustainably: Involve
     leaders in defining the future state, and involve the entire
     organization in owning the future state. Provide execution support
     down the road, and be transparent with challenges and fixes.

  4. Conduct a deep dive into the opportunities — and the risks
     — presented by new technologies: Take a 360Ú look at new
     technologies such as social media, big data, cloud and mobile
     technologies to identify and offset the associated risks.

To read the complete survey findings and recommendations for organizations, 

About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory 
services. Worldwide, our 167,000 people are united by our shared values and an 
unwavering commitment to quality. We make a difference by helping our people, 
our clients and our wider communities achieve their potential.

For more information, please visit

Ernst & Young refers to the global organization of member firms of Ernst & 
Young Global Limited, each of which is a separate legal entity. Ernst & Young 
Global Limited, a UK company limited by guarantee, does not provide services 
to clients.

Julie Fournier 514 874 4308

Sarah Shields 604 648 3607

Erika Bennett 416 943 5497


To view this news release in HTML formatting, please use the following URL:

ST: Quebec

-0- Nov/19/2012 13:55 GMT

Press spacebar to pause and continue. Press esc to stop.