More than 70 percent of the 1,233 organizations surveyed did not list training and raising employees' infosec awareness as a priority, the 2004 Ernst and Young Global Information Security Survey showed.
The study also showed that companies continue to focus on external threats such as viruses - and are quick to buy firewalls and antivirus software - instead of internal threats.
"Companies face far greater damage from insiders' misconduct, omissions, oversights, or an organizational culture that violates existing standards," said Edwin Bennett, global director of Ernst & Young's technology and security risk services.
He advised companies to focus on creating a security-conscious culture in which the tone is set by upper management. Right now, only 20 percent of organizations view infosec as a CEO-level priority, he said.
www.ey.com/globalsecuritysurvey
.jpg&h=140&w=231&c=1&s=0)
_(39).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
