Privacy protection becomes a priority

In an environment where 56% of organizations surveyed say they are unlikely or highly unlikely to detect a sophisticated cyber attack, this article examines what trends came out of EY’s latest Global Information Security Survey with regard to the protection of personal information.

“Anticipating cyber attacks is the only way to get ahead of cyber criminals.” This is the key message from Get ahead of cybercrime: EY’s Global Information Security Survey 2014.* The report looks at global changes in the cyber threat landscape, probes the way organizations are currently coping with cybersecurity and offers insights into how companies can improve their situation, proactively getting ahead of cybercrime.

In an environment where 56% of organizations surveyed say they are unlikely or highly unlikely to detect a sophisticated cyber attack, the full article on which this extract is based examines what trends came out of the survey findings with regard to the protection of personal information.

Privacy is a priority for the responding organizations

The questions and responses in the report focused on two common types of proprietary information: personal information (referred to as privacy and as identifiable financial information) and intellectual property. The results suggest that personal information, for which privacy considerations are applicable, is by far the focus of security organizations (about 50% higher priority) than intellectual property.

Internal risks to personal information are top of mind

One of the more interesting findings of this year’s study is the focus of the information security organization. The area of risk of greatest interest, by far, is the insider threat: specifically, the uninformed employee who has access to information and may unintentionally lead to its exposure or misuse.

More resources are needed to protect information

There seems to be a contradiction between the identification of risk and the resources allocated to mitigate it. While both threats and vulnerabilities to information are increasing, budgets have not been growing significantly from previous years and are not expected to grow much in the coming 12 months. Directly associated with the need for bigger budgets is the noted demand for skilled security resources. Organizations report that security professionals are playing additional roles within their companies.

What do these results mean for privacy professionals?

This year’s results clearly suggest that the security organization has its sights on risks to personal information – a fact that should be heartwarming to any privacy professional. Privacy protection is not an afterthought of the security professionals but, increasingly, a leading purpose for them. There are challenges nonetheless; chief in them is that the solutions in place to do so are a patchwork of tactical technical controls and traditional administrative controls.

* EY’s Global Information Security Survey was conducted between June 2014 and August 2014. More than 1,800 respondents across all major industries and in 61 countries participated. To download the report, visit ey.com/giss, accessed February 2015.

Read the full articlepdf1.82 MB

EY refers to one or more of the member firms of Ernst & Young Global Limited (EYG), a UK private company limited by guarantee. EYG is the principal governance entity of the global EY organization and does not provide any service to clients. Services are provided by EYG member firms. Each of EYG and its member firms is a separate legal entity and has no liability for another such entity's acts or omissions. Certain content on this site may have been prepared by one or more EYG member firms