15/10/2009 15:00

• UK lags trading partners
• Biometric security is big in China
• 80% of organisations worldwide have no policies for social networking

UK businesses and public sector organisations are losing ground to those in many of their major overseas trading partners when it comes to protecting and securing data, says a new survey of more than 7,000 information security professionals across the globe, published by PricewaterhouseCoopers LLP today.

Some 49% of UK executives polled in the 7th annual ‘Global State of Information Security Survey’, carried out in conjunction with CIO and CSO magazines, did not know how many security incidents their organisations had experienced over the last 12 months, compared to only 7% in China. Only 37% of UK respondents said their organisation had an accurate inventory of where sensitive data was stored. Just 37% said they employ a Chief Information Security Officer, and less than half (47%) have a disaster recovery plan; both figures are significantly higher in the US.

Globally, 12% of respondents believe spending on information security will be cut over the next 12 months, up from 5% last year. But 63% believe that spending will stay the same or increase, providing some evidence that information security budgets are safe, for now.

William Beer, director, One Security practice, PricewaterhouseCoopers LLP, said:

“The recession means all budgets are under pressure but many companies know that now is not the time to slash their security spend. There are a host of new and emerging threats that range from complex malware to attacks from cyber-criminals and e-espionage, all of which can result in material loss and reputational damage.

“We are also aware that, at a senior level, UK executives are extremely anxious about moving to digital business models, where core information assets, such as customer data and intellectual property, may be shared with business partners and outsourced suppliers, often in other countries. This adds another dimension to the risks involved.”

Other findings from the global survey show that 40% of respondents believe that threats to the security of their companies’ information has increased over the last year and, of those, a similar proportion say risks have increased due to employee lay-offs as a result of the economic recession.

The list of new investments in the information security area is topped by the increasing use of biometrics, especially in China, where 69% of respondents reported they were used to protect information, compared to just 22% in the UK.

Another new trend is the growth in the number of employees accessing social networks from work and the risks this behaviour brings with it. 40% report that their organisations have security technologies that support Web 2.0 exchanges such as social networks, blogs and wikis. In addition, approximately one third audit and monitor networking postings to external blogs or social networking sites, while 23% have security policies to address this.

When asked what they thought were the biggest priorities to continue meeting their security objectives, respondents highlighted the need for an increased focus on data protection and a more intelligent prioritisation of security investments based on risk.

Jon Hayton, a director in PwC’s forensic investigations team, said:

“The findings from this survey match what we are hearing from our clients in the UK. It is good news that companies have chosen not to slash security budgets. Good security practice needs to be embedded into the DNA of a business, not bolted on as an afterthought. Unfortunately there are many organisations where this is still the case. This makes their security performance very fragile. When it goes, it can go very quickly. I have seen good security practices fall apart in months.”

ENDS

Contacts:
William Beer, director, PricewaterhouseCoopers LLP
Tel: +44 (0)20 7212 7337, Mobile: 0784 156 3890, Email: william.beer@uk.pwc.com

Derek Nash, media relations, PricewaterhouseCoopers LLP
Tel: +44 (0)20 7804 3058, Mobile: 0770 347 0224, Email: Derek.nash@uk.pwc.com

Andrew Smith, media relations, PricewaterhouseCoopers LLP
Tel: + 44 (0) 20 7804 7110, Mobile: 0784 149 1180. Email: Andrew.x.smith@uk.pwc.com

Notes to Editor:

1. Methodology

The Global State of Information Security 2010 is a worldwide security survey by PricewaterhouseCoopers, CIO magazine and CSO magazine. It was conducted online from April 22 to June 15, 2009. Readers of CIO and CSO magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 7,200 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 130 countries. 31% of respondents were from North America, 27% from Asia, 26% from Europe, 14% from South America, and 2% from the Middle East and South Africa. The UK sample comprises 455 respondents. The margin of error is ±1%.

2. About PricewaterhouseCoopers
PricewaterhouseCoopers provides industry-focused assurance, tax, and advisory services to build public trust and enhance value for its clients and their stakeholders More than 155,000 people in 153 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice.

"PricewaterhouseCoopers" refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.