Businesses need to change IT security approach

Tuesday 30 October 2012

Businesses wishing to counter the threats presented by existing and emerging technologies need to fundamentally shift their IT security approach, it has been claimed.

According to a new report from Ernst & Young, 88 per cent of businesses have experienced a higher number of security incidents in the last two years.

This has heightened the need for companies to develop a robust security architecture framework, the Big Four company claimed.

However, 64 per cent of organisations have no such framework in place and almost half of respondents (45 per cent) admit to only discussing information security issues once a year with their boards.

The main problem faced by companies is a lack of specialist skills - which is leading 57 per cent of firms to make improvements to their IT security.

Mark Brown, director of information security at Ernst & Young, said the results of the survey point towards two necessary changes.

"On the one hand, businesses need to understand that information security can no longer simply be an IT issue," he stated.

"They need to transform their perception of information security and make it a board sponsored topic that is eventually embedded in the core strategy of a business."

Mr Brown said that on the other hand, it is important to look at the bigger picture – Which is the lack of specialist skills.

"Since the late 1990s the number of UK-born graduates studying mathematics and science degrees has fallen by almost 70 per cent," he claimed.

"This has led to an increasing shortage in relevant skills and has put the UK's efforts to tackle growing cyber security risks on the back foot."

Mr Brown said encouraging the workforce of the future to seek a career in IT and information security is "key" to a sustainable solution.

Posted by Alex Boardman