The Global State of Information Security Survey: Perception versus reality gap

Despite optimism, companies must improve security strategies as incidents continue to rise.

Despite a rise in security incidents and decreasing IT budgets, information services executives around the world remain confident in their organisation’s security,according to the 2013 PwC Global State of Information Security Survey (GSISS). GISS is an online survey conducted by PwC, CIO, and CSO. Between February and April this year more than 9300 responses were collected from executives around the world, including 180 in New Zealand.

According to the survey 68 percent of executives are somewhat confident their organisations have been instilled with proper information security behaviours, and 70 percent responded saying their security efforts are effective.

Despite this 13 percent of executives reported 50 or more security incidents, and around half of respondents expec their security budgets to be trimmed in the next year

“Security models of the past decade are no longer effective. Today’s rapidly evolving threat landscape represents a danger that shows no signs of diminishing, and businesses can no longer afford to play a game of chance,” says Mark Lobel, a principal in PwC’s advisory practice.

“Companies that want to be information security leaders must prepare to play a new game – one that requires advanced skills and strategy to win against emerging threats.”

Cloud platforms, social networks and mobile devices are relatively new frontiers for enterprise security.

PwC says 88 percent of consumers use their mobile devices for personal and work purposes, but according to the survey only 45 percent of organisations have a mobile device strategy, and 37 percent have malware protections for mobile.

Only 40 percent of respondents say they have a social media security policy, PwC says this lags behind the actual adoption of social media technology in workplaces.

In today's world of ' big data', the survey also finds that most organisations are keeping looser tabs on their data today than in years past. While more than 80 percent say protecting customer and employee data is important, far fewer understand what that data entails and where it is stored.

Fewer than 35 percent of respondents said they have an accurate inventory of employee and customer personal data, and only 31 percent reported they had an accurate accounting of locations and jurisdictions of stored data.

“The decreased deployment of security and privacy tools is analogous to turning off your burglar alarm during a crime wave,” says Lobel. “Intruders are exploiting business ecosystems, leaving reputational, financial and competitive damage in their wake.

"Today’s information security leaders must acknowledge that a new way of thinking is required to achieve effective security. The very survival of the business demands that they understand, prepare for, and quickly respond to security threats.”

Follow CIO on

Twitter @cio_nz



Download CIO for your tablet here.

Click here to subscribe to CIO.

Sign up to receive free CIO newsletters.

Send news tips to