China falling short on IT security: survey

Need for better information safety becomes urgent, Ernst & Young says

Most organizations in China have failed to meet ever-growing challenges to information security, even though they have taken some steps to improve the situation, an Ernst & Young survey has found.

The need for better information security has become quite urgent in China, especially after the exposure of the United States' program known as PRISM, a clandestine Internet and telecom surveillance system operated by the US National Security Agency.

Meanwhile, in early July, the National Business Daily, a Chinese newspaper, revealed that hackers could easily get access to confidential account information residing on major securities firms' systems, through certain software developed by Qihoo 360 Technology Co Ltd.

"Information security challenges, such as hacker attacks, are becoming severe," said Keith Yuen, EY China Advisory partner, at a Beijing news conference on Tuesday.

"Unless organizations transform their information security functions, few of them can keep up with the ever-changing risk landscape."

With escalating information security threats and increased information security incidents, organizations should recognize the risk environment is changing, the EY Global Information Security Survey said.

The EY survey covered 1,836 interviewees across 64 countries between May and July 2012.

Despite corporate security upgrades, the pace of external threats has picked up speed, the survey said. In 2009, 41 percent of respondents noticed an increase in external attacks. By 2011, that number had leaped to 72 percent, and it rose further to 77 percent in 2012.