More businesses expanding into cloud computing and social media are seeing higher levels of risks for security threats but information security updates lag, a new survey finds.

Ernst & Young released results of its 14th annual Global Information Security Survey on Sunday, compiling responses from 1,700 organizations.

Seventy-two percent of respondents said they were seeing increasing levels of risk from increased external threats. Meanwhile only about one third of respondents had updated their security strategy within the past 12 months.

Eighty percent of organizations are already using or considering using mobile tablets. Sixty-one percent are using or are considering using cloud computing services in the next year.

“Companies are asking themselves how to respond to new and emerging risks and whether their strategy needs to be revisited,” said Paul van Kessel, an Ernst & Young global IT Risk and Assurance Leader. “The focus must move from short-term fixes to a more holistic approach integrated with long-range strategic corporate goals.”

While 59 percent say they will increase information security budgets in the coming year, only 51 percent had a documented information security strategy.

Cloud computing funding was the top priority, with tablets and smartphones adoption ranking second in terms of challenges perceived as most significant. Encryption techniques for those technologies were used by 47 percent of the organizations.

‘Misguided Level of Trust’

Only 20 percent of respondents were taking stronger oversight on their cloud provider contract management process to mitigate risks associated with cloud computing. This indicates “a high and possibly misguided level of trust,” Ernst & Young said.

Kessel implied companies had to take security matters into their own hands, not relying on external security certification.

“These risks can represent a significant change to the way an organization operates and must be managed by formal enterprise and IT risk management procedures,” he said.

Malicious Attacks through Social Media

Seventy-two percent of respondents said external malicious attacks were their top risk. The use of social media presents a vulnerability since it allows for the possibility of phishing attacks, which often obtain users’ information through social media.

About 53 percent of companies deal with the problem by blocking access to sites “rather than embracing the change and adopting enterprise-wide measures,” Ernst & Young said.


Only 12 percent of respondents were thinking of bringing up security topics at board meetings and 49 percent of respondents said their information security functions were meeting the needs of their organizations.