By Tony Hallett, 15 July 2003 06:21
Despite a realisation across organisations that cyber-security should be a top priority, a large portion of users feel inadequately protected, and humans - rather than technology - continue to be the weakest link.

Many analysts are now recommending security budgets of 3-5 per cent of operational expenditure, and organisations are nearing this level in some cases, but "lack of budget" is considered a reason for corporate angst.

That's according to Ernst & Young's sixth annual global information security survey, which has also found around a third of organisations rate their ability to tell if their information systems are under attack as 'inadequate' or 'only marginal'.

Jan Babiak, managing partner at Ernst & Young's UK Information Security Practice, told silicon.com: "Organisations shouldn't necessarily be spending more [than 3-5 per cent] but they should be spending it better, spending it on the right things."

Common corporate oversights include little monitoring of partners' business continuity plans, a lack of understanding of insurance policy cover for breach-related damage and insufficient privacy compliance processes.

However, many companies are still focused too much on software-related security. E&Y's Babiak said physical barrier breaking, such as poor building security or keystroke-capturing 'dongles' placed between keyboards and PCs, could be at least as dangerous. Poor staffing procedures - for example, not running background checks while hiring - are also a threat.

Babiak added: "Getting people security right is harder. There can often be a vulnerability at a very low level."

E&Y polled senior IT business executives at 1,400 companies around the world.
