Safe door

Firms must face third-party security risks

Most organisations are in denial about the security risks of sharing data with partners, says Ernst & Young

Written by Phil Muncaster

IT Week, 16 Nov 2006

Over half of organisations are failing to manage the risks of sharing data with third parties, although many are now investing in securing the capture and storage of sensitive data, according to a new global survey by consultancy Ernst & Young.

The firm's Global Information Security Survey of 1,200 public and private sector organisations in nearly 50 countries found that more than three-quarters cited privacy and data protection as a significant issue; with 52 percent addressing privacy and data protection with formal procedures.

"It's been an issue for years but it has been done in an ad-hoc way through point solutions," explained the firm's UK head of Technology and Security Risk Services, Richard Brown. "But now consumers are being more savvy in that area, and organisations are getting on top of segregation of duties and securing data. "

He added that although many firms are now taking "a good solid risk management approach" to data security, it is becomingly increasingly important to have disaster recovery processes underpinning that. But only half of respondents said they actually tested their plans while only 46 percent said they have communication strategies in place.

Another major finding of the survey was the lack of formal agreements with third-party suppliers for secure data sharing in just over half of firms. Brown argued that this is because contracts are often set up without the input of the CIO, who should enforce compliance with corporate standards over data security.

Donald Massaro, chief executive of secure messaging specialist Sendmail, agreed that firms are now taking data security a lot more seriously, driven by compliance with new legislation and high profile data breaches.

"It has reached a tipping point in the States and the Californian [data breach notification] law has put some teeth on it," he explained. "Also, if you lose intellectual property that is violating Sarbanes Oxley; it's all high visibility stuff which has the attention of [top-level executives] and it's moving over into Europe."

Advertisement

Enjoyed this article? Help spread the word:

Comments

Have your say on this article

Also read

Related articles

White papers

Related jobs

More Accounting jobs

Most read

Most commented

Special Reports

Latest

Spotlight

Management Consultancy Top 75

21st annual survey shows another £1bn on revenues

bryan clark, chief information officer at kpmg europe

Profile: Bryan Clark, chief information officer at KPMG Europe

Getting the right infrastructure is instrumental in consolidating KPMG’s European...

Apprentices, Arnie and Archos in the latest YP

September issue of Young Professional appraises the year for our...

Find your next job

Find your next job

Advertisement

Salary Checker

Newsletters

Sign up here for the very latest news delivered to your inbox. Choose from the following options:

Search white papers

Search white papers

Advertisement

Have your say

THE BIG QUESTION: FAIR VALUE
Should fair value accounting be suspended in the wake of the market crisis?
Yes, it's a big part of the problem
No, don't shoot the messenger

Job of the week

More finance jobs

Advertisement

Your next job