“84% of British Businesses are at risk due to fragmented security controls, reveals Atos Consulting”
London, 3 April 2007
Survey also finds that employee behaviour presents one of the biggest threats to business and yet HR in most companies are unaware of their risk management challenge
Despite growing awareness of security and information risk issues at board level across UK organisations and an increase in budget allocation for risk management, 84% of businesses are at risk due to fragmented security controls. This is according to a recent survey conducted by Atos Consulting, the business consulting arm of Atos Origin, jointly with the National Computing Centre.
The findings from the survey highlight the need for governance and integration of security across the entire business in order to ensure that the additional investment does deliver value. Only 7% of respondents felt that management controls were fully integrated in their organisations.
One example of fragmented governance is that Human Resources (HR) security in the majority of organisations is not aligned to the head of security or Chief Information Security Officer. 55% answered that the security and information risk function has no responsibility for HR, while 75% of respondents said that one of the biggest threats to the integrity of business controls comes from within their organisations.
“Organisations need a single approach to risk management in order to efficiently and cost effectively protect the company's reputation,” says Mark Jones, head of risk management and security services for Atos Consulting. “The survey specifically reveals that the HR function within companies should have a more clearly defined role regarding enterprise risk management policy and enforcing employee adherence, particularly given the recently-reported issues regarding sensitive information on stolen laptops.”
Other key findings:
- Over 70% of companies report an increased level of attention to risk management and security at the head of IT level
- 50% of companies report an increased level of attention to risk management and security at the board level
- Increased awareness across the business has a direct, positive effect on risk management budgets, with only 6% of respondents reporting a decrease of their budget in the coming year
- 40% of companies reportedly expect an increase in their risk management budget in the coming year
Recognition of the need for business continuity is the main driver for increased risk management spend allocation for 2007, with over 50% of respondents identifying business resilience / business continuity as a key priority. Compliance, risk assessment and treatment, and physical and environmental security were also among the most popular risk areas of focus for companies next year. This is in line with what companies believe to be their key business drivers for security, with 59% of companies choosing business resilience and compliance with legislation and regulation as top priorities.
“Business continuity topping the agenda is not a surprise, given the lessons identified following the events of 9/11 in New York, the July bombings in London and the fire at the Buncefield fuel depot in December 2005,” continued Mark Jones.
Although embedding stronger alignment between business and IT controls is one of the main budget items for companies in 2007, at a project level this translates to a significant two thirds of companies evaluating or deploying a single sign-on solution within the next two years.
Despite an increased awareness of risk management at the board level, only 16% of companies have a chief information security officer, which implies that this role is still quite immature, but developing. In 84% of companies, the person responsible for information security is still someone who sits within the IT function. However, almost 40% of companies do have a chief information officer with responsibility for information security.
The survey was designed by Atos Consulting and conducted independently by the National Computing Centre. The results were compiled from 99 web-based questionnaires completed by senior risk management professionals across a variety of vertical sectors.
About Atos Origin
Atos Origin is an international information technology services company. Its business is turning client vision into results through the application of consulting, systems integration and managed operations. The company's annual revenues are EUR 5.4 billion and it employs over 50,000 people in 40 countries. Atos Origin is the Worldwide Information Technology Partner for the Olympic Games and has a client base of international blue-chip companies across all sectors. Atos Origin is quoted on the Paris Eurolist Market and trades as Atos Origin, Atos Euronext Market Solutions, Atos Worldline and Atos Consulting.
About Atos Consulting
Atos Consulting, the global consulting practice of Atos Origin, is a leading provider of business, process and technology consulting services. With more than 2,500 staff globally, it focuses on delivering proven, pragmatic solutions to the telecom, manufacturing, financial services and public sectors.
About the National Computing Centre
The National Computing Centre (NCC) is the UK's leading IT membership organisation, serving corporate, vendor and government communities.
Working with our corporate members, we seek to help them achieve operational excellence, professional recognition, and the realisation of their ultimate career potential. In serving the UK Government community, NCC seeks not only the achievement of operational excellence, but also a wider public purpose relating to wealth creation and the enhancement of the UK as a leading knowledge economy. In serving the IT vendor community, we are committed to ensuring IT products and services meet the needs of our corporate (public and private sector) members.
We champion the effective use of IT to help maximise the competitiveness of our members' businesses and our role is to develop and promote best practice, standards and professionalism in IT management. NCC is a social enterprise.
For further information, contact:
Tel: +44 20 7830 4233
Tel: +44 20 7878 3000