IT security: firms comply only in letter not in spirit

New Delhi, Nov 14 | Updated: Nov 15 2005, 05:52am hrs
More and more companies across the world are complying with IT security requirements not because of worms or viruses, but because of new regulations, according to the Global Information Security Survey released by Ernst & Young.

More than 1,300 global companies, government bodies and NGOs in 55 nations participated in the survey. Nearly 66% of respondents cited compliance with regulations such as clause 49 of the listing agreement, Sarbanes-Oxley, the EU's 8th Directive or their equivalents as the primary driver of IT security.

However, organisations across the globe are missing the rare investment opportunities that compliance offers to promote IT security, the survey noted.

Terry Thomas, partner of Ernst & Young's technology and security risk services, said: "Compliance is proving to be more of a distraction than a catalyst for IT security. One might assume that due to regulatory compliance, IT security postures are improving. But, unfortunately, this is not happening."

The gap continues to widen between risks brought on by rapid changes in the global business environment and what IT security is doing to address those risks. The survey finds that the declining cost of wireless connectivity is driving the rapid adoption of mobile technology.

But these devices may compromise information security and IP assets, though many organisations do not accept this. Fewer than 50% of organisations train employees on the impact of these technologies on IT security.

New technologies like VoIP, open source and server virtualisation can increase profits but can also be a significant security concern. Yet only 20% of organisations are concerned, despite the serious threats these technologies bring with them.