The report, based on responses from more than 1,850 CIOs, CISOs and other information security executives in 64 countries, shows that organizations are implementing incremental improvements to their information security capabilities to provide short-term solutions—without tackling the issues associated with the overall information security threat.
With 31% experiencing a higher number of security incidents in the last two years, the need to develop a robust security architecture framework has never been greater, the advisory services firm says. However 63% of organizations have no such framework in place and only 16% of respondents report that their information security function fully meets the needs of the organization.
In addition, cloud computing continues to be one of the main drivers of business model innovation, the firm says, with the numbers of organizations using the cloud almost doubling in the last two years. However, 38% of organizations have not taken any measures to mitigate the risks, such as stronger oversight on the contract management process for cloud providers or the use of encryption techniques.
“The new normal for the CIO is that fast is not fast enough,” Paul van Kessel, Ernst & Young global IT risk and assurance services leader, said in a statement. “The velocity and complexity of change is happening at a staggering pace, with emerging markets, continuing economic volatility, off-shoring and increasing regulatory requirements adding to an already complicated information security environment.”