Channel Islands businesses need to take information security seriously to prosper in Asia

Businesses are seriously over-estimating the strength of their information security measures and could be reducing their attractiveness to potential clients in emerging markets, according to a major global survey published recently by PwC.

Nick Vermeulen, Head of Advisory Services at PwC Channel Islands, believes the key findings of the 2013 PwC, CIO magazine and CSO magazine’s ‘Global State of Information Security Survey’, are of significant importance to businesses in Guernsey and Jersey looking to expand eastwards.

The 10th annual survey of more than 9,300 top-ranking executives from 128 countries found that 68% of respondents were confident in the effectiveness of their organisation’s information security activities, whilst 42% viewed their organization as a ‘front-runner’ in information security strategy and execution.

However, the survey found that only 8% actually qualify as true information security leaders – defined by PwC as companies that have a chief information security officer or equivalent in place, have an overall information security strategy, have measured and reviewed the effectiveness of their security in the last year, and understand exactly what types of security events have occurred.

Worryingly, the survey also found that most organizations are keeping looser tabs on their data today than in past years, with fewer than 35% of respondents saying they have an accurate inventory of employee and customer personal data.

Nick Vermeulen highlighted that of particular significance for the Channel Islands was that Asia currently leads the world in security practices and performance, rating particularly highly for mobile security initiatives and cloud security strategy. He commented:

“This trend is highly relevant for our finance industries locally, which are affected by the global shift of capital flow to the east. We need to factor in the expectations these markets will have around how we do business with them. If Guernsey and Jersey are to succeed in building strong relationships with them, we need information security that meets or exceeds their own standards. There will also be a high benchmark set for us to reach on every aspect of how we use digital technology to communicate and do business.

“There is also an urgent need for both islands to have strategies in place for developing a digital economy. We must ensure businesses operating from our islands have all the support they need both to get the basics right and transform their businesses to a digital model and prosper.”

Matthew Parker, Risk Assurance Manager at PwC Channel Islands, added:

“This survey emphasises just how important it is for organisations to ensure their boards grasp the risks to the business and the steps needed to manage them. There is an opportunity to maximise the investment made in managing these risks by thinking of information security as both a means to protect data and an opportunity to create value for the organisation. Establishing the Chief Information Security Officer role should be a major priority for most organisations.”