Data security top concern of Singaporean firms: survey

Protecting corporate data emerged as the top security concern for Singapore companies, with improving information security risk management coming at a close second, a survey on information security revealed Wednesday.

While challenged by inadequate security budgets and resources, data protection and improving the management of information security risks are major concerns for senior IT professionals, according to the 12th annual Ernst & Young 2009 Global Information Security Survey. The survey canvassed nearly 1,900 senior executives in more than 60 countries. 105 survey respondents were from Singapore, of which a 27% majority was from the financial services and insurance sectors.

The increased focus on data protection was most pronounced in the financial services and insurance sectors, where 79% of the respondents in this sector, in contrast to 39% in other sectors, had indicated plans to invest more in data protection.

Data protection and improving the management of information security risks were also the top two security priorities globally, although global respondents were inclined to spend more in information security risk management (50%) than data protection (43%) over the next year.

Gerry Chng, Ernst & Young’s Far East Area Leader for Information Security says: “The escalating mobility of information with the use of new technologies are compelling companies to re-examine the inherent risks and shift from a conventional ‘keeping the bad guys out’ approach to protecting critical information proactively no matter where it resides. The heightening occurrence of data breaches has put data protection at the fore of people’s minds, with data protection technologies and processes set to gain increased importance. Companies need to truly understand how information is accessed and used within their business processes before it can begin to manage its security needs.”

Lack of budget and resources poses challenges
Allocating adequate budget and resources to information security remains a challenge in 2009.
50% of Singapore respondents ranked having adequate budget as a “high” or “significant” challenge, while 53% indicated availability of resources as a “high” or “significant” challenge.

This finding is also particularly striking in light of the fact that 40% of respondents indicated that they planned to increase their annual investment in information security as a percentage of total expenditures and 57% planned on maintaining the same level of spending. A similar trend was observed for the global respondents.


John Chin, Ernst & Young’s Asean Leader for IT Risk & Assurance Services, comments: “Information security today already requires a lot more investment, as companies race to catch up with an accelerating threat landscape, after a much delayed start. However, budgets and technical resources are still limited and this is a real operational concern for many. Information security is not immune to external economic forces and senior IT professionals are expected to improve efficiency and effectiveness while keeping spending to a minimum. Having a well-thought-out information security strategy for the next one to three years can help to build a business case for appropriate budget allocation.”