Ernst & Young presents results of 2001 Information Security Survey

Click here to view and to download the Survey Report (Adobe Acrobat, 1,2M).

In June and July 2001, Ernst & Young conducted an Information Security Survey on over 100 companies in Russia and the CIS, in order to gain insight on how these businesses view IT risk and security in the connected economy. Companies operating in Russia and the CIS have the benefit of hindsight through observing Western businesses grow out of the "learning" phase in the Internet economy, and are in a position to learn from their mistakes.

Survey's findings at a glance:
How are businesses in Russia and the CIS impacted by the risks and security issues associated with the use of information technology?

• Information security issues are being addressed, with 99% of the Survey respondents implementing at least one type of security solution. The most commonly used security measures are antivirus software and firewalls.
  
  
• There is a higher emphasis on implementing technical security solutions (such as firewalls) as opposed to organizational security measures (such as formal security policies and procedures).
  
  
• 32% of respondents do not test their security measures to ensure that they are operating effectively.
  
  
• 65% of respondents experienced at least one type of computer security breach in the past 12 months, the main incidents being virus attacks, system penetration from the outside, denial of service and unauthorized insider access.
  
  
• 26% of respondents experienced critical business systems failures in the past 12 months. 78% of these either did not have Business Continuity Plans or have not tested them.
  [\\UL]
  
  How confident are these businesses in outsourcing their IT functions to third parties?
  • 68% of respondents currently outsource at least one IT function. The main functions outsourced are web-hosting and IT applications. The trend in outsourcing is likely to continue.
    
    
  • However, 73% of those who have outsourced their IT functions, are discontented in some way with their outsource providers, with 'lack of responsiveness' and 'costs expectations not met' being the main sources of dissatisfaction.
    [\\UL]
    
    How extensively are businesses in Russia and the CIS involved in eBusiness activities?
    • 78% of respondents have a web-site and 55% are undertaking eBusiness activities.
      
      
    • Security concerns and lack of resources, skills and expertise are the main inhibitors to the expansion of eBusiness.
      
      
    • 34% of respondents who are conducting eBusiness, do not have an eBusiness strategy.
      [\\UL]
      
      Ernst & Young has a network of 80,000 people in more than 130 countries. This includes over 2000 IT assurance and advisory professionals with unparalleled depth of experience and expertise in the information security and eBusiness sectors. In Russia and the CIS, our team specializes in the following service areas:
      • Security Risk Assessments (ethical hacking) on information systems and networks
        
      • Advisory services on computer policies and procedures
        
      • CyberProcess Certifications on your web-environment or systems
        
      • Assessment of your ability to carry out your eBusiness strategy securely
        [\\UL]
        www.eSecurityonline.com is Ernst & Young's website providing the latest updates on computer vulnerabilities, viruses and training in the information security sector.