Fewer than half of New Zealand businesses feel that their information is secure, according to the Ernst & Young Global Information Security Survey, with network security their main concern. Only 45% of New Zealand respondents are satisfied that their business information is safe from external users.
"New Zealand businesses view securing their company's information as a business issue rather than an IT issue, as managers realise how heavily dependent their organisation is on information technology," says Susan Steedman, of Ernst & Young's information systems assurance group. More than 80% of New Zealand participants said they had the commitment of senior management to address information security issues.
The confidentiality of customer information is becoming essential for organisations interested in electronic commerce. In an increase from last year, 90% (up from 66%) of New Zealanders see authorised users as a significant threat to information security, yet many have not implemented basic controls to mitigate this threat. Only 64% of the organisations had a formal security policy.
Although 55% of New Zealand respondents have comprehensive business continuity plans (BCPs) to deal with system down time or failure, 69% have never tested them, compared to a world average of 38%. Steedman says this is the worst result of any country surveyed and defeats the purpose of BCPs which must keep pace with changes in technology and infrastructure if they are to work.
New Zealand also has one of the worst Y2K results of any country surveyed — only 2% of New Zealand respondents have achieved Y2K compliance, oddly dropping from 7% last year. The survey compares responses from 4200 IS managers in more than 30 countries.