This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

2010 Energy & Resources global security study

Continuing the journey


DOWNLOAD  

Like virtually all other industries in 2010, the industry that powers the world is faced with a myriad of changes. These changes may compel the Energy & Resources industry to revisit the way it protects its data, whether within its walls, in the hands of third parties, or in the sky, via cloud computing. Although E&R is unique and different from other industries in some aspects, many of its data protection and information security issues are similar to other industries. Issues highlighted by the 2010 Global E&R Security Study include the following:

  • Respondents cite a lack of alignment of information security goals and objectives with those of the business; as a result, many information security functions lack visibility and executive support and, to many respondents, the role of the information security executive is still considered predominantly an IT position.
  • While respondents indicate that security infrastructure improvement is still the top security initiative of the industry—understandable when industrial systems such as the electrical grid are so crucial—for the first time in our survey, data protection and information security governance and training are top-five initiatives.
  • Many respondents also recognize that outsourcing to third parties—so crucial to the support of the industry—has nonetheless outpaced security.
  • Despite its focus on infrastructure improvements, respondents indicate that internal people are the source of most security and privacy breaches.
  • The majority of E&R organizations who responded to the survey also indicate that they do not have a business continuity management strategy or plan.

The study focuses on additional key findings related to compliance, privacy initiatives, adoption of technology and investment in information security. The study also includes a section of findings based on questions specific to the E&R industry, such as its dependence on industrial control IT systems, typically used to monitor or control manufacturing and transport processes. As these industrial control IT systems become more “connected,” there is the risk of an increase of cyber-attacks by means of network intrusions, malicious codes, and unauthorized access.

Related Links

Stay connected

 

Stay connected:

Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Get connected
Share your comments

More on Deloitte
Learn about our site


Recently blogged