IoT and the new global information security need

Download the article to read all the content on which this summary is based.

EY’s Global Information Security Survey (GISS) 2015* reveals that cyber attackers are finding new and better ways to take advantage of the rapid expansion of digitization and the increasing connectivity of businesses. Among the 1,755 survey respondents, an emerging theme is a need for greater awareness of how our daily lives are increasingly interwoven with internet-connected devices, and what this means for an organization’s cybersecurity approach.

88% of respondents do not believe their information security fully meets the organization’s needs.

This article examines some of the key findings from the 2015 survey which identified the top two vulnerabilities as careless or unaware employees, and outdated information security controls or architecture. This immediately points to cybersecurity needing to be an issue that is addressed at all levels across every organization — and beyond, even further down the chain.

Cybersecurity is more than a technology issue and it cannot remain in the IT domain. Similarly, cybersecurity cannot be the responsibility of any one member of the board — it affects every level of a business, in often subtle and not easily recognized ways. For this reason, organizations must deploy an “Active Defense” approach, outlined in EY’s GISS report.

*Creating trust in the digital world: EY’s Global Information Security Survey 2015, EY, 2015,

The article was written by:

  • Tim Best
    Director, Advisory Services, EY, Europe, Middle East, India and Africa

Read the full articlepdf586.88 kB

EY refers to one or more of the member firms of Ernst & Young Global Limited (EYG), a UK private company limited by guarantee. EYG is the principal governance entity of the global EY organization and does not provide any service to clients. Services are provided by EYG member firms. Each of EYG and its member firms is a separate legal entity and has no liability for another such entity's acts or omissions. Certain content on this site may have been prepared by one or more EYG member firms