TechnologyConsumer business lacks IT security strategy

Consumer business lacks IT security strategy

Deloitte survey shows that 80% of companies in consumer business have no formal information security strategy in place

Large chunks of the retail sector, which is holding increasingly large
databases of consumer details, do not have formal IT security systems in place,
a study by Deloitte has found.

The research found that 80% of companies do not have an information security
strategy formally defined and 86% have never performed an inventory to
understand where their data is stored and how it is managed.

After the HM Revenue & Customs lost child benefit discs crisis and the IT
security issues at SocGen, the lack of controls at consumer businesses will come
as shock to consumers.

‘Retail companies are holding greater and greater amounts of customer data –
from purchasing patterns recorded on customer loyalty cards, to financial
information from credit cards. Whilst this helps sales and marketing and can
deliver valuable market and customer intelligence, it may also increase
vulnerability to data theft,’ Andy Morris, consumer business partner at Deloitte
said.

Morris added: ‘Worryingly, despite legislation and standards such as the Data
Protection Act and the Payment Card Industry Data Security Standard (PCI DSS),
only 13% of businesses had performed an inventory of personal and cardholder
data – the first step in protecting data.’

Other striking findings in the report were that only 20% of consumer business
respondents had a formally defined information security strategy.

This was well below the 54% reported in Deloitte’s 2007 IT survey of the
telecoms and media industry and the 63% reported in the firm’s poll of the
financial services sector.

Further reading:

Review 2007: Government IT

HMRC highlights end to end encryption
requirement

Related Articles

Is predictive analytics the end of the annual audit?

Audit Is predictive analytics the end of the annual audit?

2d Martin Herron, MHA MacIntyre Hudson
Cybersecurity webinar: how protected are you and your data?

Security Cybersecurity webinar: how protected are you and your data?

6d Emma Smith, Managing Editor
Back to the Future: why financial transformation just hasn’t happened

Technology Back to the Future: why financial transformation just hasn’t happened

7d Workday | Sponsored
GDPR: Don’t forget the human touch

Security GDPR: Don’t forget the human touch

2w Neil Patrick, Director of GRC and Centre of Excellence EMEA for SAP
5 key tech innovations helping accountants transform their businesses

Accounting Software 5 key tech innovations helping accountants transform their businesses

3w Heather Darnell, Founder of Ask the BOSS
HMRC scaling back digital projects to ‘release project capability to EU Exit work’

Brexit HMRC scaling back digital projects to ‘release project capability to EU Exit work’

3w Alia Shoaib, Reporter
What is the role of governance, compliance, and control in financial transformation?

Corporate Governance What is the role of governance, compliance, and control in financial transformation?

4w Workday | Sponsored
Grant Thornton joins with Immersive Labs to increase cyber talent

Career Grant Thornton joins with Immersive Labs to increase cyber talent

1m Lucy Skoulding, Reporter