Financial Times FT.com

IT security goes by the board

By Maija Palmer in London

Published: November 1 2005 22:29 | Last updated: November 1 2005 22:29

Companies are spending so much of their IT budgets on complying with regulations such as Sarbanes-Oxley and the European Union’s 8th Directive that they are neglecting other security threats, according to a new survey published on Wednesday.

Ernst & Young’s annual security survey found that compliance with regulations had become the key driver for information security spending at nearly two-thirds of companies around the world, eclipsing concerns such as protection against computer viruses and worms.

Regulations stipulating that company executives take personal responsibility for the accuracy of corporate data, such as accounts, have caused many companies to tighten internal IT controls, ensuring for example, that only authorised employees have access to accounts databases.

But the fact that executives can face prison sentences if companies fail to comply with regulations has led boards to focus a great deal of attention on the issue, to the detriment of other security problems, according to Anthony Smythe, head of the information security practice at Ernst & Young.

“The rub in all of this is that there is so much money being spent on mundane remedial things that companies are missing other important issues,” Mr Smythe said.

In particular, the study came to the conclusion that companies were still failing to assess security risks at their suppliers and outsourcing partners.

Several high-profile cases have highlighted such risks in the past year, including press allegations in June that Indian call centre workers handling queries for UK banks were selling on customer account details for cash.

Despite such incidents, more than a fifth of companies are not looking at security risks at suppliers at all. Of those that do have some risk management processes in place, most perform only an initial assessment.

Only 17 per cent carry out ongoing, independent third-party reviews of supplier security.

Companies are also failing to address security concerns related to emerging technologies, such as mobile computing, wireless networks and internet telephony. Removable media in particular were becoming a problem, said Mr Smythe. Corporations had found it difficult to stop employees from downloading corporate data on to devices such as iPods or USB thumb drives and leaving with them.

However, less than half of companies surveyed identified removable media as a key security issue.

Copyright The Financial Times Limited 2009. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web.

  • Print article
  • Email article
  • Order reprints

More from this sector

Skype founders settle dispute

ProMos signs deal with Elpida

Skype

NEC plans $1.6bn share sale after losses

Crackdown on Wall St as 14 face charges

‘Call of Duty’ set to boost Activision

Capgemini aims for top five in US

An online shop window

Intel in trouble

Google privacy tool unveiled

Lenovo back in black

Latest Companies news

Recent reports

Market research reports

Report name Author Publish date Cost
Achieving the Business Case in Virtualization Info-Tech Research Group 11/1/2009 $1995
Application Outsourcing: Achieving Success & Avoiding Risk Info-Tech Research Group 11/1/2009 $1995
Telecommunications Market In Poland 2009 PMR Ltd. 11/1/2009 $2951.57
U.K. IT and Business Services Market Analysis, 2009 IDC 10/27/2009 $6400
IT Service Management: At the Forefront of Managing IT as a Business (Strategic Focus) Datamonitor 10/26/2009 $3395

Jobs and classifieds

Jobs

Search
Type your search criteria below:

Head of Metals Consulting

Wood Mackenzie

Programme Director

Verizon Business

General Manager – US

Global Software Solutions Company

IT Director

Financial Services, Insurance, Law

Recruiters

FT.com can deliver talented individuals across all industries around the world

Post a job now

Related Services