Pace stepped up on IT security

Finance directors came to terms with the fact that they would have to bear
some of the brunt of managing IT security risk a long time ago.

Protecting financial information and managing processes to block external
attacks against corporate networks is essentially the work of IT experts, but
FDs often find that risk management brings them into contact with keeping tabs
on the controls and processes of IT quite frequently.

It seems that raising IT security as a board level issue has paid off – to an
extent. The latest biennial information security breaches survey by the DTI and
PricewaterhouseCoopers has found that fewer companies had security breaches than
two years ago, down to 62% from 74%.

Budgets for IT security have also climbed over the period, the average UK
company now spending 4-5% of its IT budget on security, compared to 1-2% in the
last survey.

And 83% of respondents from businesses in the UK said information security
was a high priority for management, compared to 73% in 2004.

But, as with all things technological, the change of pace creates new
opportunities – and threats – for UK plc.

While 100% of respondents had implemented anti-virus software, only 76% used
anti-spyware technology. The report highlights a large pharmaceutical company
that viewed spyware as its ‘biggest current challenge’.

Mark Hughes, EMEA managing director of messaging security business
Proofpoint, warned that communication channels such as instant messaging and
blogs had also become big concerns for companies.

‘Content security products can enforce policies related to confidential
information and block inappropriate use, and organisations need to decide which
documents and data are sensitive then apply consistent policies around their
use,’ said Hughes.

External auditors were used by 58% of large businesses for security guidance
compared to 36% overall, while a business advisory firm other than their auditor
was used by 24% of large businesses.

Related reading