Risk and Security are not always aligned. Not enough non-IT focus on security. Hardly surprising that organisational Information Security needs are not being met in enough organisations.
2. 46% never or almost never discuss Information Security at top governing structure of their organisation
How is Information Security aligned in your organisation?
56% aligned to IT Strategy
42% aligned to Business Strategy
38% aligned to Risk Appetite
3. Planned spend increase of 5-15%
Planned spend increase of 25% or more
With so little boardroom involvement and so little specialist security resourcing, how will any additional spending be effectively and appropriately controlled?
4. 63% place IS responsibility with IT
5% have a Chief Risk Officer
Source: Ernst & Young Global Information Security Survey 2012
Where does responsibility for Information Security sit in responding organisations?
Is it a surprise 70% say that their IS Function only partially meets organisational needs?