Companies on the mainland have made a significant effort to technologically improve security, yet they still lag behind in privacy safeguards, according to a new report by accounting firm PricewaterhouseCoopers.

The survey, conducting of more than 7,000 information technology executives from 119 countries and regions, shows that the mainland has made important gains in its deployment of security technology.

About 68 percent of respondents from the mainland reported to have installed application firewalls - 1 percent more than the global average - while 59 percent have deployed web-service security measures, versus the global average of 58 percent.

However, when looking at security from a strategic and management perspective, only 34 percent have established standards and procedures for technology infrastructure deployment, as compared with the global average of 51 percent. And around 33 percent are said to have comprehensive business continuity or disaster recovery plans in place - 22 percent behind the worldwide average.

PricewaterhouseCoopers said mainland companies should take the opportunity to maximize the value of the security technologies already deployed, through implementing a cohesive security strategy, as to utilize management processes and human resources of information security.

"Most of the companies acknowledge the need for information security, and they do not hesitate to invest in the technology. However, they seem to have neglected the importance of deploying the right people and process to safeguard the information security," said Kenneth Wong of PricewaterhouseCoopers' security advisory division in the Greater China region.

Wong added that 44 percent of the security incidents at mainland companies were associated with data exploitation. That's compared to a global average of 15 percent.

The estimated total financial losses because of the security incidents amounted to around HK$7.62 million, on average. That's compared with the Asian average of about HK$5.77 million.

The survey also revealed that only 17 percent of the respondents in Hong Kong require their employees to complete training on privacy policy and practices, compared with 41 percent worldwide.

In a global prospective, many organizations do not have much knowledge on the security events they have encountered, despite technology advancement on information security measures, Wong said.

The report showed that around 35 percent of the companies worldwide didn't know how many incidents occurred, while 44 percent didn't know the types of security incidents that occurred.

Wong said the findings have put the spotlight on information security and data management.

(HK Edition 10/31/2008 page2)