A recent KPMG global survey shows that executives in the energy industry are grasping the importance of information security, but still feel susceptible to a security breach, says Mark Puzey, KPMG’s International IT Governance Leader based in Australia.
The study also highlights the gap between the increasing IT challenges faced by the energy sector and the ability of Boards and Executives to link IT investment with shareholder value.
Of the 102 energy leaders surveyed, 35 percent reported that their companies are at least somewhat susceptible to a serious security breach. Twenty-seven percent of the energy executives said threats to information security have increased in the past two years, and 41 percent anticipate that threats will increase in the next two years.
“What we are seeing coming through in the survey is an indication that, while executives recognize the risks, they are not yet properly prepared,” said Mr Puzey.
On a positive note, the survey found that energy companies are rapidly hiring security professionals, developing plans and increasing budgets. Seventy-four percent of the respondents said their firms have hired a full-time information security specialist. Eighty-three percent have developed a catastrophe response plan.
“The recent tragic events of September 11 will see organisations focus intensely on enterprise-wide risk. There has been progress in IT security but the sector is still a long way off having comprehensive information security programs in place.”
In terms of how far along they are in implementing a comprehensive security program, 63 percent felt that they were 75-100 percent of the way there, 18 percent said 50-75 percent and 14 percent said 0-50 percent.
A major hurdle exists in the understanding of the issue. For example, the KPMG survey found that 59 percent of the respondents ‘view information security as a technology problem that can be handled by a technology solution.’ Only 39 percent view information security as a strategic business issue requiring an integrated organizational solution.
Mr Puzey maintains that while there are no perfect solutions out there, relative solutions, based on a real assessment of vulnerabilities and exposure, can be very effective. A well-crafted security environment can enhance legitimate business practices while deterring the illegitimate. Security can be an enabler and can provide market advantage.
“Another gap in preparedness is that executives underestimate the source of threats,” says Mr Puzey.
Thirty-three percent considered hackers their greatest threat, and 42 percent felt that employees posed the greatest threat. Studies indicate that two thirds of incidents involve insiders.
The survey results leave doubt as to just how far companies are in educating employees, finding that non-management employees were significantly behind the upper ranks in being informed on information security matters. In fact, 82 percent of senior and executive management were completely informed and 19 percent said somewhat informed; only 12 percent regarded non-management employees as completely informed and 65 percent as somewhat informed. Twenty-four percent said that non-management staff were uninformed.
“Companies need to move aggressively in educating and informing employees. Employees are part of the problem and the solution. A security environment aimed primarily at preventing outsider intrusions is destined for failure.”
Another preparedness gap, according to the KPMG results, is that the energy industry is struggling in adopting best practices. In terms of what will keep the industry from implementing a comprehensive program, 50 percent expressed a lack of understanding about best practices.
In terms of e-business, 60 percent reported that their companies have a comprehensive e-business plan. Yet, when asked how adequately this plan addresses security, almost half, 49 percent, felt that they weren’t completely satisfied with it.
Mr Puzey and his colleagues believe that this is a disturbing outcome.
“Disasters such as the leakage of intellectual property, stoppage of business, or damage to corporate reputation impact shareholder value. If companies are moving on e-business plans without adequate security measures, it is a recipe for disaster.”
KPMG conducted its corporate information security survey in August 2001. A majority of the interviews were with Fortune 1000 companies.
KPMG’s Australian Energy and Natural Resources Group supports companies in the oil and gas, power, utilities, mining and forestry sectors and is supported by KPMG’s Global Energy and Natural Resources Group. KPMG has 103,000 professionals, including 6,500 partners, in 152 countries around the world.
Click Here for a copy of the KPMG Transformations Energy Industry Survey or contact KPMG Energy and Natural Resources Group National General Manager, Helen Cook on (08) 9263 7342