Deloitte LLP
 
Energy and Resources companies make progress on security but no room for complacency
Published: 21/5/08
Contact: Laura Parsons
Deloitte
Public Relations
+44 (0) 20 7303 0885

  • 67% of companies cite “human error” as a root cause of security failures – ahead of technology and operations.
  • Over a quarter of organisations (29%) give employees no training on information security or privacy issues.
  • Majority of companies (70%) have appointed a Chief Information Security Officer and 72% have information security governance frameworks and strategies in place.

Energy and Resources businesses are working hard to improve their security and to stay one step ahead of the latest security threats, according to a global security report launched today by Deloitte. Human error remains the greatest threat, and firms still need to get to grips with the latest available security technology.

Simon Owen, Lead Partner for Deloitte’s UK Risk Services and Technology practice, commented:

“Companies have been developing their security practices and credible progress has been made. The majority of companies (62%) are “very confident” they are safe from an external attack, while 41% said they are “very confident” that they are safe from internal attack.

“However the need for security to remain a high priority is highlighted by the threats faced by business. Over half of respondents (53%) suffered from an email attack in the last twelve months and 44% have experienced repeated email attacks.

“There are still issues energy companies need to address to improve their security. Lack of resources is cited by 40% of companies as the biggest barrier. Investment is another area where over half of companies (53%) feel they aren’t on plan or ahead of the problem, due to their current level of expenditure. Lack of support is another issue and only half (53%) believe that senior management gives sufficient commitment to information security.

“Companies fear external threats more than operational ones. Their greatest fear is social engineering, where individuals are duped into disclosing confidential data online. However the most dangerous threat in fact comes from within, with 67% of companies citing “human error” as one of the root causes for security failures – putting it ahead of technology and operations.

“One way companies can stay on top of their information security is by training their staff. Over a quarter of organisations (29%) give their employees no training at all on information security or privacy issues, or how to identify suspicious activities. This is surprising for a sector well versed in training its people.

“To minimise the risks, organisations need to keep abreast of new security tools and their potential for improving security. The risks of disruption are further heightened by the fact that almost all respondents say that the security of their specific industry control systems (such as SCADA) is critical to the success of their organisation's business. Yet a majority of them have no program in place to assess that security.

“Fortunately, the global survey reveals companies have developed a strong governance framework around their security. The majority of Energy and Resources organisations have appointed a Chief Information Security Officer. The majority of companies (72%) have information security governance frameworks and strategies in place. This senior leadership driving the information security governance framework reveals a long-term commitment to information security among Energy and Resources companies globally.”

Other key findings

  • Over half of Energy and Resources companies (55%), including critical utilities and infrastructure organisations, have a formal Business Continuity Plan in place;
  • The survey reveals that although the majority of companies have some form of crisis management plan in place (81%), only a minority (27%) have specific crisis management teams or regularly test their crisis management plans.

Read more and download the report.

Ends 

For further information on Deloitte’s Security and Privacy services you can access our website at www.deloitte.co.uk/ers


About Deloitte
In this press release references to Deloitte are references to Deloitte & Touche LLP which is among the country’s leading professional services firms, providing audit, tax, consulting and corporate finance services. Deloitte & Touche LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu (‘DTT’), a Swiss Verein whose member firms are separate and independent legal entities.  Neither DTT nor any of its member firms has any liability for each other’s omissions.  Services are provided by member firms or their subsidiaries and not by DTT.  Deloitte & Touche LLP is authorised and regulated by the Financial Services Authority.  The information contained in this press release is correct at the time of going to press.

Page Last Updated: 21 May 2008
Source: Deloitte LLP - United Kingdom (English)


© 2008 Deloitte LLP. All rights reserved. Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity.
