The deteriorating employment situation throughout the world is making companies think twice about the trustworthiness of employees. And when it comes to former employees, 75 percent of senior IT executives say they fear reprisal for laying them off, according to the 12th Annual Ernst & Young Global Information Security Survey.
The study polled 1,900 senior executives in more than 60 countries. Three-quarters of respondents said they were concerned about possible revenge attacks from employees who had left their organizations. Furthermore, 42 percent of respondents are already trying to understand the potential risks related to this issue and 26 percent are already taking steps to mitigate them.
"With the economy still in recession, employees that are made redundant may feel resentful towards their previous employer in a number of ways that may affect the smooth operation of an organization," said Paul van Kessel, global leader of Ernst & Young's Information Technology Risk and Assurance Services practice, in a statement. "Increasingly, the employer's IT system has become a common target and data theft is also prevalent. It is paramount that companies undertake a specific risk assessment exercise to identify their potential exposure and put in place appropriate risk-based responses."
Infosec budgets are also a concern to respondents. Half of them ranked this as a high or significant challenge, an increase of 17 percentage points over 2008. Yet, even with this level of concern, fewer than half (40 percent) of respondents plan to increase their annual investment in information security as a percentage of total expenditures, while 52 percent plan to maintain the same level of spending.
Van Kessel says banks still need to play catch-up with increasingly sophisticated IT-related threats. Cutting budgets for information security won't help. He says senior IT professionals "will need to improve efficiency and effectiveness while keeping spending to a minimum." Meanwhile, regulatory compliance is at the top of IT executives' list of priorities as a driver of infosec improvements. Fifty-five percent of respondents indicate that regulatory compliance costs account for moderate to significant increases in their overall information security costs. Only 5 percent of respondents plan on spending less over the next 12 months on regulatory compliance.
With data breaches occurring more often, data protection is at the forefront of many information security leaders' minds, according to the study. Implementing or improving data leakage prevention (DLP) technologies (the combination of tools and processes for identifying, monitoring and protecting sensitive data or information) is the second-highest security priority in the coming 12 months. Forty percent of respondents rank this as one of their top three priorities.
Still, many companies need to get the basics down in terms of preventing data breaches. For example, the study shows that only 41 percent of respondents encrypt their company laptops. Only 17 percent intend to do so in the next year. Laptop theft, notes Ernst & Young, is one of the top means by which data breaches occur.
But Ron Koch, executive director with Ernst & Young's Information Technology Risk and Assurance Services practice, is hopeful.
"Improving the overall risk management function is one of the highest priorities for businesses as the levels of internal and external risks they must face continue to increase," he commented in a release. "Organizations are abandoning old paradigms by taking a holistic approach that integrates information security within the business. It is a more flexible, risk-based approach focused on protecting the organization's critical information. It is also better suited to the connected business model needed to support today's increasingly mobile and global workforce."