Privacy protection becomes a priority
In an environment where 56% of organizations surveyed say they are unlikely or highly unlikely to detect a sophisticated cyber attack, this article examines what trends came out of EY’s latest Global Information Security Survey with regard to the protection of personal information.
“Anticipating cyber attacks is the only way to get ahead of cyber criminals.” This is the key message from Get ahead of cybercrime: EY’s Global Information Security Survey 2014.* The report looks at global changes in the cyber threat landscape, probes the way organizations are currently coping with cybersecurity and offers insights into how companies can improve their situation, proactively getting ahead of cybercrime.
In an environment where 56% of organizations surveyed say they are unlikely or highly unlikely to detect a sophisticated cyber attack, the full article on which this extract is based examines what trends came out of the survey findings with regard to the protection of personal information.
Privacy is a priority for the responding organizations
The questions and responses in the report focused on two common types of proprietary information: personal information (referred to as privacy and as identifiable financial information) and intellectual property. The results suggest that personal information, for which privacy considerations are applicable, is by far the focus of security organizations (about 50% higher priority) than intellectual property.
Internal risks to personal information are top of mind
One of the more interesting findings of this year’s study is the focus of the information security organization. The area of risk of greatest interest, by far, is the insider threat: specifically, the uninformed employee who has access to information and may unintentionally lead to its exposure or misuse.
More resources are needed to protect information
There seems to be a contradiction between the identification of risk and the resources allocated to mitigate it. While both threats and vulnerabilities to information are increasing, budgets have not been growing significantly from previous years and are not expected to grow much in the coming 12 months. Directly associated with the need for bigger budgets is the noted demand for skilled security resources. Organizations report that security professionals are playing additional roles within their companies.
What do these results mean for privacy professionals?
This year’s results clearly suggest that the security organization has its sights on risks to personal information – a fact that should be heartwarming to any privacy professional. Privacy protection is not an afterthought of the security professionals but, increasingly, a leading purpose for them. There are challenges nonetheless; chief in them is that the solutions in place to do so are a patchwork of tactical technical controls and traditional administrative controls.
* EY’s Global Information Security Survey was conducted between June 2014 and August 2014. More than 1,800 respondents across all major industries and in 61 countries participated. To download the report, visit ey.com/giss, accessed February 2015.
Read the full article1.82 MB