A survey, which canvassed nearly 1,900 senior executives in more than 60 countries, shows that 75% of respondents are concerned with the possible reprisal from employees who have left their organizations.
The 12th annual Ernst & Young Global Information Security Survey also reveals that lack of adequate security budgets and resources are becoming major concerns for senior IT professionals.
The survey finds that 42% of respondents are already trying to understand the potential risks related to this issue and 26% are already taking steps to mitigate them.
It says allocating adequate budget to information security continues to be a challenge in 2009, with 50% of respondents ranking this as a high or significant challenge — a notable increase of 17 percentage points over 2008.
Despite this level of concern, the survey says, less than half (40%) of respondents plan to increase their annual investment in information security as a percentage of total expenditures, while 52% plan to maintain the same level of spending.
The survey also reveals that regulatory compliance is a top priority for information security leaders and continues to be an important driver of information security improvements.
When the survey asked how much their companies were spending on compliance efforts, 55% of respondents indicate that regulatory compliance costs account for moderate to significant increases in their overall information security costs.
Only five percent of respondents plan on spending less over the next 12 months on regulatory compliance.
Due to a heightening occurrence of data breaches, data protection is at the forefront of many information security leaders’ minds. Implementing or improving Data Leakage Prevention (DLP) technologies — the combination of tools and processes for identifying, monitoring, and protecting sensitive data or information — is the second-highest security priority in the coming 12 months.
Forty percent of respondents rank this as one of their top three priorities.
According to the survey, one of the most startling findings is how few companies encrypt their laptops. Only 41% of respondents currently encrypt them, with 17% planning to do so in the next year.
This is surprising, says the survey, given the number of breaches that have occurred due to loss or theft of laptops, that encryption technology is readily available and affordable and that the impact to users during deployment is relatively low.
The survey fieldwork was conducted between June and August 2009 and findings were revealed Tuesday, Nov. 10. The results were primarily collected through interviews held with executives from organizations across major industries.