ROBERT HALF INTERNATIONAL, INC MENLO PARK, Calif., Sept. 15, 2014 /PRNewswire/ -- In an era when cyber security threats are more common than ever, organizations continue to struggle to manage data securely, prepare for potential crisis scenarios, and defend against hacking and other cyber threats, according to findings from the 2014 IT Security and Privacy Survey (www.protiviti.com/ITsecuritysurvey) conducted by global consulting firm Protiviti (www.protiviti.com).
http://photos.prnewswire.com/prnvar/20090115/AQTH541LOGO
"Our survey results tell a story of gaps between where companies currently stand and where they should be in relation to fundamental elements of IT security. Some progress has been made since our last survey, yet many organizations still fall short of important standard protocols for IT security and privacy," said Cal Slemp, managing director with Protiviti and global leader of the firm's IT security and privacy practice. "Companies need to take more action in relation to the risks they recognize to better protect their crucial data."
Key Survey Findings
The overarching findings from this year's results are tied predominantly to five major themes that suggest companies still need to make further improvements to their IT security and privacy practices.
-- Organizations lack high confidence in their ability to prevent a cyber
attack or data breach. While executive management has a higher level of
awareness when it comes to the organization's information security
exposures, lower confidence levels among IT executives and professionals
in preventing an attack or breach likely speak to the creativity of
cyber-attackers and the inevitability of a breach - and the need for
strong incident response planning and execution.
-- Companies are not properly preparing for crisis scenarios. There is a
significant year-over-year jump in the number of organizations without a
formal and documented crisis response plan to execute in the event of a
data breach or cyber attack.
-- There is a correlation between board engagement and stronger IT security
profiles. Nearly three out of four boards have a good level of
understanding about the organization's information security risks,
according to survey results. Organizations whose boards are concerned
with how the organization is addressing its risks, have significantly
stronger IT security profiles. On the other hand, one in five boards
appears to have a low level of engagement in how the company is
addressing information security risks. "With greater market sensitivity
to information security issues as well as a rise in associated legal
requirements, we would expect board interest to be even higher in most
organizations," said Slemp.
-- Companies do not have proper "core" data policies. One in three
companies does not have a written information security policy (WISP).
More than 40 percent lack a data encryption policy. One in four do not
have acceptable use or record retention/destruction policies. These are
critical gaps in data governance and management, and they carry
considerable legal implications.
-- Not all data is equal. The percentage of organizations that retain all
data and records has more than doubled - not necessarily a positive
development. In addition, a relatively large number of organizations do
not prioritize data that is processed and governed with a data
classification schema. Even fewer companies appear to prioritize data
that is highly regulated, including PCI (payment card industry) and
healthcare-related information.
Some Positive Results
The survey shows that CIOs and CSOs are more engaged in taking on the primary responsibility for security policies than in prior years. Also, companies are becoming more aware of their data lifecycle - where and how long their data is stored. Of note, only a small number of organizations are moving their sensitive data into the cloud despite news stories and industry conjecture to the contrary.
Webinar and Additional Resources Explore Survey Results Further
The third edition of Protiviti's IT Security and Privacy Survey gathered insights from more than 340 CIOs, CSOs, IT directors, managers and IT auditors at companies with gross annual revenues ranging from less than $100 million to greater than $20 billion. The complimentary survey report is available at: www.protiviti.com/ITsecuritysurvey.
A complimentary webinar with IT security experts discussing the survey results will be held on September 30 at 10:00 a.m. PDT. Guest speaker Heidi Shey, security and risk analyst from Forrester Research, Inc., will be joined by Protiviti's Cal Slemp and Scott Laliberte, a Protiviti managing director and global penetration testing and vulnerability assessment services leader. To register for the webinar, please visit http://www.protiviti.com/webinars.
An infographic and video summarizing the survey results are also available at www.protiviti.com/ITsecuritysurvey. Additionally, a podcast featuring Slemp's insights about the survey results is available at www.protiviti.com/podcasts.
About Protiviti Inc.
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000(®) and FORTUNE Global 500(®) companies. Protiviti and its independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies.
Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
Editor's note: An infographic of key survey findings is available in JPEG and PDF upon request.
Logo - http://photos.prnewswire.com/prnh/20090115/AQTH541LOGO
SOURCE Protiviti
