Companies are ignoring customer demand for better Cyber Security

IT Governance survey finds surprising inaction in the face of growing customer scrutiny.

  • Monday, 19th August 2013 Posted 11 years ago in by Phil Alsop

Despite increasing calls for improved cyber security by an overwhelming majority of customers, a recent survey by cyber security experts IT Governance reveals that many suppliers are continuing to give the cold shoulder to protecting client information.


According to IT Governance’s international ‘Boardroom Cyber Watch’ survey of senior executive opinion about cyber security, a weighty 74% of respondents at home and abroad say their customers prefer to deal with suppliers with proven IT security credentials. A further 50%, meanwhile, say customers have enquired about their company’s security measures in the past 12 months.


Despite these burgeoning cyber security concerns, however, the survey notes that a surprising majority of respondents have yet to take up the gauntlet and comply with international best practice standards.


It reveals that, despite being known to 87% of participating organisations, ISO/IEC 27001 is complied with by only 35% of respondents. An international best practice standard designed for any organisation seeking a structured framework to address cyber risk, ISO/IEC 27001 significantly improves an organisation’s information security and resilience.


The 2013 cyber report also finds that a substantial minority - over 40% - of senior executives and IT professionals say that their company is either making the wrong level of investment in information security, or are unsure if their investment is appropriate.


Alan Calder, Founder and Executive Chairman of IT Governance, says: “When deciding on IT investments, it’s important to recognise that information security is about far more than shoring your company up against cybercrime. Rather than viewing the ability to offer proven information security credentials as an unwelcome cost, it should be seen as a competitive advantage.”


“Indeed, given that a globally recognised best practice framework for addressing the risks related to systems, people and technology already exists in the shape of ISO/IEC 27001, it’s surprising to see such a large number of suppliers still resisting the opportunity to demonstrate their credibility.”


Calder says: “In the face of constantly evolving new threats around the globe, the need for increased compliance is a fact of life. Companies must therefore ensure that their defences are in a state of constant evolution - so much so that any organisation which handles customers’ personal data, for example, but is not compliant with ISO27001, is at risk of displaying overt negligence.”


“If you’re serious about giving your company cast-iron security credentials, it’s essential to implement and maintain compliance with an internationally recognised security standard. Compliance doesn’t just open the door to more business; it allows you to sleep more soundly at night.”


The ‘Boardroom Cyber Watch 2013’ study was conducted online in April and May 2013, with the aim of shining fresh light on how company directors and board members currently perceive IT security issues. Incorporating chief executives, board directors and IT professionals, its 260 respondents represent organisations of all sizes, with revenues ranging from less than US$5m to more than US$500m. The sample is truly international: while the majority are from organisations based in the UK and United States, respondents from South America, Central Europe, Africa, the Middle East, Asia, Australia and New Zealand have also contributed.