Executive Briefings

Retail, Consumer Execs Feel Their Security Measures Are Effective Despite Constrained Budgets

Despite tight budgets preventing retail and consumer (R+C) executives from updating security programs and causing them to fall behind, many remain confident in their business practices, according to findings from PwC's new report, "R+C Insights: Changing the Game." The report surveyed more than 1,100 senior R+C industry executives and found that regardless of this lag in technological advances, adversaries are becoming ever more sophisticated, breaching the defenses of business ecosystems and leaving reputational, financial and competitive damage in their wake.

Sixty-nine percent of respondents said they are confident their company's security activities are effective; however, according to PwC, they may not realize that assurance has dropped considerably since 2008, when 83 percent of respondents expressed confidence in their security program. PwC suggests that executives adopt a new way of thinking in order to achieve effective security, such as implementing risk-assessment strategies and aligning security investments with identified risks as well as embracing that information security is both a means to protect data and an opportunity to create value.

Among key findings, PwC found that companies are mostly influenced by economic conditions, rather than the business value of good information security, when determining security budgets. Furthermore, R&C companies are struggling to keep pace with the adoption of cloud computing, social networking, mobility and the use of employee-owned devices, failing to incorporate these into their security policies.

Other findings include:

Forty percent of respondents expect security budgets to increase in the year ahead, down sharply from 51 percent in 2010.

Seventy-two percent of respondents say their business has an information security strategy in place, up from 61 percent in 2011, and 47 percent have implemented a business continuity / disaster recovery plan this year.

Thirty-one percent of respondents say their organization plans to implement an enterprise social networking program for employee communication and collaboration, while 25 percent say enterprise social networking is already in place.

Fifty-six percent of respondents say they are prepared to protect sensitive data in the cloud or other third-party environments, while their biggest concerns are ensuring compliance with data security regulations, limitation of liability, and a reduced ability to negotiate and enforce data protection.

Eighty percent of respondents say protecting customer and employee data is important, but only 28 percent say they have an accurate inventory of the stored data.

Source: PwC

Sixty-nine percent of respondents said they are confident their company's security activities are effective; however, according to PwC, they may not realize that assurance has dropped considerably since 2008, when 83 percent of respondents expressed confidence in their security program. PwC suggests that executives adopt a new way of thinking in order to achieve effective security, such as implementing risk-assessment strategies and aligning security investments with identified risks as well as embracing that information security is both a means to protect data and an opportunity to create value.

Among key findings, PwC found that companies are mostly influenced by economic conditions, rather than the business value of good information security, when determining security budgets. Furthermore, R&C companies are struggling to keep pace with the adoption of cloud computing, social networking, mobility and the use of employee-owned devices, failing to incorporate these into their security policies.

Other findings include:

Forty percent of respondents expect security budgets to increase in the year ahead, down sharply from 51 percent in 2010.

Seventy-two percent of respondents say their business has an information security strategy in place, up from 61 percent in 2011, and 47 percent have implemented a business continuity / disaster recovery plan this year.

Thirty-one percent of respondents say their organization plans to implement an enterprise social networking program for employee communication and collaboration, while 25 percent say enterprise social networking is already in place.

Fifty-six percent of respondents say they are prepared to protect sensitive data in the cloud or other third-party environments, while their biggest concerns are ensuring compliance with data security regulations, limitation of liability, and a reduced ability to negotiate and enforce data protection.

Eighty percent of respondents say protecting customer and employee data is important, but only 28 percent say they have an accurate inventory of the stored data.

Source: PwC