Energy and resources companies make progress on security but no room for complacency: Deloitte

Energy and resources businesses are working hard to improve their security and to be one step ahead of the latest security threats, according to the 2008 Energy and Resources Global Security Survey published recently by Deloitte. Human error remains the greatest threat and firms still need to get to grips with the latest available security technology.

"Companies have been developing their security practices and credible progress has been made," said Simon Owen, the partner leading Deloitte's UK Enterprise Risk Services Technology group.

According to the survey, a majority of companies (62 percent) are "very confident" they are safe from an external attack, while 41 percent said they are "very confident" that they are safe from internal attack.

However, the need for security to remain a high priority is highlighted by the threats faced by business. More than half of respondents (53 percent) suffered from an email attack in the last 12 months and 44 percent have experienced repeated email attacks.

Survey responses indicate that companies fear external threats more than operational ones. Their greatest fear is social engineering, where individuals are duped into disclosing confidential data online. However, the most dangerous threat in fact comes from within, with 67 percent of companies citing ‘human error’ as one of the root causes for security failures–putting it ahead of technology and operations.

One way companies can stay on top of their information security is by training their staff. More than a quarter of organizations (29 percent) give their employees no training at all on information security or privacy issues, or how to identify suspicious activities. This is surprisingly low for a sector well versed in training its people.

The survey reveals that companies have developed a strong governance framework around their security. The majority of energy and resources organizations have appointed a chief information security officer. The majority of companies (72 percent) have information security governance frameworks and strategies in place. This senior leadership driving the information security governance framework reveals a long-term commitment to information security among energy and resources companies globally.

Other key findings:
* More than half of energy and resources companies (55 percent), including critical utilities and infrastructure organisations, have a formal business continuity plan in place;

* The survey reveals that although the majority of companies have some form of crisis management plan in place (81 percent), only a minority (27 percent) have specific crisis management teams or regularly test their crisis management plans.