More than 70 percent of the 1,233 organizations surveyed did not list training and raising employees' infosec awareness as a priority, the 2004 Ernst and Young Global Information Security Survey showed.
The study also showed that companies continue to focus on external threats such as viruses - and are quick to buy firewalls and antivirus software - instead of internal threats.
"Companies face far greater damage from insiders' misconduct, omissions, oversights, or an organizational culture that violates existing standards," said Edwin Bennett, global director of Ernst & Young's technology and security risk services.
He advised companies to focus on creating a security-conscious culture in which the tone is set by upper management. Right now, only 20 percent of organizations view infosec as a CEO-level priority, he said.
www.ey.com/globalsecuritysurvey
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Melbourne Cloud & Datacenter Convention 2026
_(1).jpg&h=140&w=231&c=1&s=0)
