Threats to companies’ information security are accelerating at a significantly faster pace than the security enhancements those organizations are making, according to a recent Ernst & Young survey. Seventy-seven percent of respondents indicated an increase in external threats, and nearly half (46%) said they have noticed an increase in internal vulnerabilities.
“The bad actors are leaping ahead, and there are more of them,” says Chip Tsantes, a principal at Ernst & Young. And their motivations are different from what they were in the past.
It’s also critical that the business and the executives in charge of risk partner with IT on information security. Yet according to the E&Y survey, the information security agenda continues to be led by IT rather than being focused on the overall business strategy. Just 38% of the companies surveyed align their information security strategy to the organization’s risk appetite and risk tolerance.
“When I talk to companies about where they are spending their security dollars and the top 10 things they’re trying to protect, it’s rarely the case that there’s a strong correlation,” says Tsantes. “That speaks to the need to get the risk team involved in setting those priorities and understanding where you’re going to concentrate your spending and your people.”