Ernst & Young Report Reveals Companies Unprepared to Address Risks Created by New Technology

LONDON--(BUSINESS WIRE)--Less than a third of global businesses have an IT risk management program capable of addressing the risks related to the use of new technologies, according to Ernst & Young?s 13^th annual Global Information Security Survey. In spite of the rapid emergence of new technology, just one in ten companies consider examining new and emerging IT trends a very important activity for the information security function to perform.

A significant increase in use of external service providers and business adoption of new technologies, such as cloud computing, social networking and Web 2.0, is recognized to increase risk for 60% of respondents. Yet, in spite of this, less than half intend to increase annual investment in information security.

Paul van Kessel, Ernst & Young Global IT Risk and Assurance Leader, comments: ?Technology advances provide an increasingly mobile workforce with seemingly endless ways to connect and interact with colleagues, customers and clients. These advances represent a massive opportunity for IT to deliver significant benefits to the organization but new technology also means new risk. It is vital that companies not only recognize this risk, but take action to avoid it.?

Over half of respondents state that increased workforce mobility poses a considerable challenge to the effective delivery of information security initiatives, due to widespread use of mobile computing devices. For almost two-thirds employees? level of security awareness is recognized as a considerable challenge.

Paul van Kessel comments: ?As the mobile workforce continues to grow, so does the level of risk. In addition to implementing new technology solutions and re-engineering information flows, companies must focus on informing the workforce about risks. The delivery of effective, and regular, security awareness training is a critical success factor as companies attempt to keep pace with the changing environment.?

Other findings:

• Half of respondents plan to spend more over the next year on data leakage and data loss prevention ? up 7% from last year. To address potential new risks, 39% are making policy adjustments, 29% are implementing encryption techniques and 28% are implementing stronger identity and access management controls.
• For the first time, continuous availability of critical IT resources was identified as one of the top five risks.
• 23% of respondents are using cloud computing services, a further 15% plan to use within the next 12 months. For 85% of respondents, external certification of cloud service providers would increase trust; 43% state that certification should be based upon an agreed standard and 22% require accreditation for the certifying body.

Ernst & Young?s 2010 Global Information Security Survey was conducted between June and August 2010. Nearly 1,600 organizations in 56 countries and across all major industries participated.

About Ernst & Young

Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 141,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.

Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com.

This news release has been issued by EYGM Limited, a member of the global Ernst & Young organization that also does not provide any services to clients.