Cloud computing adoption worldwide has doubled since 2010, but 38% of the respondents in a global Ernst & Young's survey said no security measures were implemented to mitigate risks.
Instead, organizations have been implementing incremental improvements to their information security capabilities to provide short-term solutions -- without tackling the issues associated with the overall information security threat. In the last two years, 31% of the responding organizations experienced a higher number of security incidents.
Sixty-three percent of the organizations had no security architecture framework in place, and only 16% of respondents reported that their information security function fully met the needs of the organization.
The findings are based on Ernst & Young's Global Information Security Survey 2012 report released today. The survey was conducted on 1,850 CIOs, CISOs and other information security executives in 64 countries.
Fluid technology landscape
New technology trends like cloud computing, mobility and big data are opening up tremendous opportunities for organizations; but also potential threats from previously unknown sources.
Cloud computing continues to be one of the main drivers of business model innovation, with the numbers of organizations using the cloud almost doubling in the last two years. However, 38% of organizations have not taken any measures to mitigate the risks, such as stronger oversight on the contract management process for cloud providers or the use of encryption techniques.
Organizations recognized that the risk environment is changing, as the frequency and nature of information security threats increase and the number of security incidents rises. Over three-quarters (77%) of global respondents agreed that there is an increasing risk from external attacks, but this is not the only source for concern for global organizations, with 46% reporting that internal vulnerabilities are also on the rise.