The rise of cloud computing has improved but also complicated the security landscape, according to the annual information security survey, conducted by PwC in conjunction with CIO and CSO magazines.

More than four out of 10 respondents report that their organisation uses cloud computing: 69 per cent for software-as-a-service, 47 per cent for infrastructure-as-a-service and 33 per cent for platform-as-a-service. Fifty-four per cent of organisations say that cloud technologies have improved security, while 23 per cent say they have increased vulnerability. The largest perceived risk is the uncertain ability to enforce provider security policies.

Mobile devices and social media represent a significant new line of risk – and a demand for prevention. Organisations are beginning to amplify their efforts to prevent mobile and social-media-based attacks. Forty-three per cent of respondents have a security strategy for employee use of personal devices, 37 per cent have a security strategy for mobile devices and 32 per cent have a security strategy for social media.

Managing risks arising out of working with third parties is a growing concern. Dealing with security risks associated with partners, vendors and suppliers has always been an issue – according to this year’s survey, it is getting worse. The full results of the Global State of Information Security 2012, including the industry-specific highlights, are available at www.pwc.com/giss2012.

PwC recently called on business and government leaders at the London Conference on to take ultimate responsibility for cyber security and collaborate more closely to address the pressing cyber threat.

The conference was hosted by the Foreign & Commonwealth Office with the aim of launching a more focused and inclusive dialogue between key cyberspace actors from across the world including from government, industry and civil society.

During the conference, PwC hosted a real-time cyber crisis with actors, bringing the cyber threat to life to highlight the risks organisations face if they don’t have a comprehensive response capability.

PwC said cyber security is no longer only in the realm of the head of IT; it is up to senior leaders to put this at the top of their agenda and collaborate more closely with other organisations. Public-private organisations, industry bodies and regulators all have a role to play. The message is clear – no organisation in any sector is safe.

Six key steps have been outlined by PwC that organisations can take to help transform their mindset and their capabilities to address the growing threat:

Clarify roles and responsibilities: CEOs need to come to grips with the threats from the internet—which is why PwC has introduced the concept of the “cyber savvy CEO”. PwC believes that leadership by a cyber savvy CEO will enable the organisation to understand the opportunities and realise them securely and sustainably through effective security.

Reassess the security function’s fitness and readiness for the cyber world: Organisations already have IT security functions that may be doing a good job in protecting against traditional threats. But as new risks emerge such as social media and mobile technology, the focus needs to be upgrading or transforming the existing capabilities to ensure that the organisation’s responses to its security needs fully encompass cyber security.

Achieve 360-degree situational awareness: To align its security function and priorities as closely as possible with the realities of the cyber world, an organisation needs a clear understanding of the current and emerging cyber environment. This demands situational awareness, which is a prerequisite for well-informed decisions on cyber security actions and processes.

Create a cyber incident response team: Traditional organisational structures may have the unintended effect of hampering the quick and decisive responses needed in the cyber environment. A well-functioning cyber incident response team means an incident spotted anywhere in the business will be tracked, risk-assessed and escalated.

Nurture and share skills: Any organisation needs to invest in cyber skills. However, these are in short supply. Given the restricted supply of cyber-savvy talent, it is up to employers to find new ways of inspiring those with the skills and desire to keep their businesses safe.

Take a more active and transparent stance towards threats: The unpredictable and high-profile nature of cyber threats tends to engender a defensive mindset. By taking a more active stance, the organisation can show that it takes attacks seriously and will strive to bring offenders to justice.
