More than two-thirds (68 percent)
of respondents in Protiviti’s survey said they have elevated their focus on
information security in response to recent press coverage of so-called “cyber
warfare.” However, the number of companies that appear inadequately prepared
for a crisis is surprisingly high. When asked if their organizations have a
formal and documented crisis response plan for use following a data breach or
hacking incident, more than one-third reported that either their organizations
did not (21 percent) or they did not know (13 percent).
Data Policy and Retention/Storage
Issues
According to the survey results, many companies lack key data policies and are ineffective at managing data through proper retention and storage practices, including the classification of sensitive data. Approximately 22 percent of companies do not have a written information security policy (WISP) and 32 percent lack a data encryption policy. Not having these policies in place is an important consideration when a breach involves information covered by data privacy laws and can expose an organization to significant legal liability.
CIOs Take a More Strategic Role
As data security continues to play
a larger role in business operations and the use of so-called big data becomes
more integrated with strategic business objectives, CIOs are seeing their
responsibilities increase. The survey showed that more CIOs are taking
responsibility for data governance strategy, oversight and execution within
their organizations. Additionally, companies with documented crisis plans
enacted in response to a data breach or hacking incident have now begun to
involve their CIOs far more than ever before.
In 2012, only 58 percent reported that their CIO was involved in
addressing such an incident compared to 72 percent in 2013 (up 14 percent).
More information on customer service, support and IT can be found at www.SupportIndustry.com
No comments:
Post a Comment