SHARE
Follow this article on Twitter Facebook LinkedIn Bookmark and Share
Home >> Security >> Disaster Recovery - Business Continuity

We are the security problem

We are the security problem

By:  Diann Daniel  On: 05 Feb 2008 For: CIO.com (DW) Creator

In a survey, 75 per cent of companies said human error is the leading cause of security failures. And more than 90 per cent said the risk of misbehaving employees worries them

The infosecurity picture hasn't changed: we're still our own biggest threat.

Human threats score much higher than those posed by technology, according to a new survey by consulting firm Deloitte of more than 100 technology, media and telecommunications companies worldwide.

Seventy-five percent of companies listed human error as the leading cause of security failures such as breakdowns and systems outages.

Forty-eight percent also cited operations and technology lapses as key causes of security failures.

Problems resulting from third parties such as contractors and business partners, meanwhile, received 28 percent of the votes as a root cause of security failures.

Misbehaving employees also figure prominently in IT fears: Ninety-one percent of respondents say the risk of employee misconduct related to information systems worries them.

Read more

Visit IT World Canada's Security Knowledge Centre.

Another security worry is many line-of-business executives' tendency to see information security as solely IT's problem, Deloitte says. Forty percent of surveyed companies give IT the primary responsibility for information security, and 45 percent say top management is informed about security issues only on an ad hoc basis. And although 62 percent say security is a key imperative at the board or executive level, that number is low, says Deloitte, since security should be top strategic priority for every TMT company.

To mitigate these security threats, Deloitte recommends that security goals be integrated into business strategies and plans. Measuring ROI on security efforts and providing thorough and ongoing security training to all levels of the organization are also key, Deloitte advises. Training can educate employees on how to deal with the latest security threats and can serve as a reminder to stay vigilant.

"The technology, media and entertainment and telecommunications industries are still in a reactive mode when it comes to their approach to security," said Rena Mears, Deloitte's global and U.S. privacy and data protection leader, in a press release. "A prerequisite for effective information security is the implementation of a proactive information security strategy that is closely linked to the company's overall business strategy, business requirements, and key business drivers."


Sign up for our Newsletters
Tags: security threats, telecommunications
Close X












Close X
Print |  Views: 920   |   Rating:offoffoffoffoff  (0 votes)
Rate this article on a scale of
1 to 5 stars,5 being the best.



Close X
Page 1

Diann Daniel Diann Daniel is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.

Related Content

Focus on the human factor, security panel says
Focus on the human factor, security panel saysAn ISACA panel champions a governance model for information security that demands an "intentional culture" of a secure corporate environment
How to mashup without a screwup
How to mashup without a screwupMashup software can only succeed if it is designed with the user in mind. How IT staff can help
What the hell is a terabyte anyway?
What the hell is a terabyte anyway?Most Canadian CIOs interviewed in a survey of financial services firms stressed the importance of translating tech-speak into performance measurements that any business executive can understand
Feeling the Heat
predictions are that the it security situation in canada will worsen ‘canadian companies are over-confident a
blog comments powered by Disqus