Business continuity, disaster recovery among top information security priorities: survey

Ernst & Young announced Tuesday the results a survey of executives on information security in which half of the respondents said business continuity and disaster recovery will be among their top priorities over the next year.

In its Global Information Security Survey 2013, the consulting firm suggested organizations who allow employees to use their own personal smart phone face some hard security questions.

In a press release, EY stated this year’s survey “shows only 13% of Canadian respondents prioritize the innovation of security services and technologies to address new and emerging threats.”

More than 1,900 respondents (including chief information officer, chief information security officers, chief financial officers and chief executive officers) in 64 countries participated in the survey, which was conducted last June and July. EY distributed a questionnaire to designated EY professionals in each country practice, “along with instructions for consistent administration of the survey process.” Most of the responses were collected in interviews and in some cases, respondents did the survey online.

Respondents were asked several questions, and in one they were asked to identify which information security areas they define as “top priorities over the coming 12 months.”

From a list of 21 items, the respondents were asked to mark five items showing their top priority with a 1, down to their fifth priority with a 5.

In business continuity/disaster recovery, 51% said it was a top priority, 17% said it was a second, 12% third, 10% fourth and 10% fifth.

For cyber risks and cyber threats, 38% said it was a top priority. Meanwhile, 26% identified data leakage/data loss prevention as a top priority.

The report also discussed different technologies, such as smartphones, tablets, big data, supply chain management (in the context of how customers, suppliers, and partners affect security) as well as “bring your own cloud,” which includes “personal cloud infrastructures that can be owned, managed and operated by an organization, third party or a combination of both, and may exist on or off the premises.”

Many organizations already let workers bring their own devices, EY noted.

“Widespread adoption of BYOD has only occurred recently,” according to the report. “Yet, as we continue to hear about sensitive or confidential security breaches by those using smartphones and tablets, the question becomes: Who is responsible for the smartphone’s data – employer or employee? And how often is the smartphone being updated and security notifications appearing?”