Only 22 per cent of businesses consider their information security goals to be aptly aligned with their overall business objectives, resulting in many information security functions lacking visibility and executive support, said a report.

Many firms also reduced their security budget throughout 2010, added to the Deloitte 2010 Energy and Resources (E&R) global security survey titled “Continuing the Journey”, though investment in IT continued on an upward trend throughout the year.

The new survey presents results that were collated from respondents in a wide range of organisations located in markets which include the Middle East and Asia, Europe, Latin America and the Caribbean, Asia Pacific, Canada, the US, UK, and Japan.

“Without continuous investment in security and innovation, organizations that had their budgets cut within the Middle East may be unlikely to keep pace with the growing threats from increasing sophisticated attacks and emerging technologies,” said Tariq Ajmal, partner in charge of information and technology risk services at Deloitte Middle East.

Key highlights within the Deloitte 2010 Energy and Resources global security survey include:

• Only 17 per cent of Energy and Resources organizations track and monitor the effectiveness of information security controls and have integrated reporting and measurement into their information security programme.

• According to the survey respondents, security infrastructure improvement is a top security initiative, however, data protection, information security governance and training are also key endeavors they are undertaking.

• The majority of organizations who responded to the survey indicate that they do not have a business continuity management strategy or plan.

• The survey indicates that in general Energy and Resources organizations are often not equipped with the latest security technology and thus their ability to mitigate risk may be limited.

• A sizable number of E&R companies surveyed (38%) state that they are ‘late majority’ meaning that they use technologies that are proven. According to the study, technologies can only become proven over time; in the meantime, old hardware and out of date technology put data at risk.

• The survey results indicate that priorities have shifted dramatically in 2010 and the focus was on improving the infrastructure, creating a robust strategy that deals with setting the overall control framework, and training employees.

• Respondents cite increasing sophistication and proliferation of threats as a top concern that should be tackled by taking the initiative to improve the security infrastructure.

• One of the main concerns of the Energy and Resources industry emerging in the survey is the accidental breaches of information technology originating from inside the organization. Top threats include, ‘non-intentional loss of sensitive information’ and ‘employee errors and omissions’. Respondents indicated that they plan to counter these threats with information security training and awareness programs.

• A major finding in the survey is that one of the biggest challenges when implementing a data protection program is identifying the data that needs protection. Today, many organizations don’t know what data they should be protecting.

“The Energy and Resources industry appears particularly vulnerable to breaches of information security and privacy,” Ajmal added.

“They handle large quantities of distributed sensitive information and their reputations and business success hinge on safeguarding this information. Failure to acknowledge that fact will be detrimental to their overall business,” he concluded. – TradeArabia News Service