Businesses are failing to adequately protect against future security threats

Businesses are failing to adequately protect against future security threats
External threats are on the increase

According to accountants Ernst & Young's 15th Global Information Security Survey 2012 the majority of respondents (77%) have experienced a higher number of external attacks to the business - up from 72% in 2011 and up from 41% in 2009,

In the same span of time, organisations have also noticed an increase in internal vulnerabilities. In this year's survey, nearly half of respondents (46%) say they have noticed an increase. Thirty-seven percent rank careless or unaware employees as the threat that has increased the most over the last 12 months.

The security threat gap

However instead of businesses enhancing their security businesses appear to be doing the opposite, Ernst and Young has revealed a widening security gap, between the current level of information security and the level of security required to deal with the accelerating threat level

Nearly two-thirds (64%) of organisations have no robust security architecture framework in place and almost half of respondents (45%) admit to only discussing information security issues once a year with their boards.

Ernst & Young found that one of the reasons for the rise in attacks was new technologies such as cloud computing and Bring Your Own Device (BYOD) that businesses are adopting in order to cut costs and be more efficient. One in five (20%) businesses have not taken any measures to mitigate the risks, such as stronger oversight on the contract management process for cloud providers or the use of encryption techniques.

Lack of budget and skills

The report points to two main reason for the lack of security budget and lack of skills

Over half (61%) of the businesses surveyed named budget constraints as the main obstacle to their company's information security strategy. While lack of specialist skills is cited as the main symptom that forces organisations (57%) to focus on the implementation of improvements to their information security capabilities that provide only short-term solutions instead of tackling the issues associated with the overall threat.

Mark Brown Director of Information Security at Ernst & Young commented: "The results of our survey point at two necessary changes. On the one hand, businesses need to understand that information security can no longer simply be an IT issue. They need to transform their perception of information security and make it a board sponsored topic that is eventually embedded in the core strategy of a business.

"On the other hand, we need to look at the bigger picture – that of the lack of specialist skills. Since the late 1990s the number of UK-born graduates studying mathematics and science degrees has fallen by almost 70%. This has led to an increasing shortage in relevant skills and has put the UK's efforts to tackle growing cyber security risks on the backfoot."

Latest in Computing Security
Dark Web monitoring
How users benefit from Dark Web monitoring
The X logo next to a silhouette of Elon Musk
Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims
A person holding a phone looking at a scam text with warning signs around
A massive SMS toll fee scam is sweeping the US – here’s how to stay safe, according to the FBI
View on National Assembly building in Paris, France, with French and European flags flying.
France rejects controversial encryption backdoor provision
ensure data security for your business
The complete data protection system for your business
ignal messaging application President Meredith Whittaker poses for a photograph before an interview at the Europe's largest tech conference, the Web Summit, in Lisbon on November 4, 2022.
"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections
Latest in News
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Gemini on a smartphone.
Gemini 2.5 is now available for Advanced users and it seriously improves Google’s AI reasoning
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025