A worldwide survey of how small to medium sized financial and business services companies and their clients handle IT security shows the Asia Pacific region is behind Europe, Middle East and Africa (EMEA) and the Americas in terms of its vigilance about security practices.
The survey surveyed 600 companies with a turnover of between US$1.5 million and US$100 million and was commissioned by BKR International, an association of independent accounting and business advisory firms, and British IT security consultancy MWR InfoSecurity.
It found that financial firms in EMEA pay more attention to implementing IT security procedures for themselves and their clients than their counterparts in the Americas or Asia Pacific regions.
Don Timmins, worldwide chairman of BKR International, said, “Professional companies look after increasing amounts of third party data but it appears that not enough attention is being paid to IT security measures that will safeguard that information.
“While American companies spend more time on compliance and documentation it appears that this information is often not implemented since user-awareness training of team members in the Americas companies, and the percentage of money assigned to IT security, is poor when compared to Europe, the Middle East and Africa. However, in the Asia Pacific region it is even worse,” Timmins said.
Employee contracts, third party contracts and letters of engagement, stipulating IT security policies and non-compliance in Asia Pacific, are lower than both EMEA and the Americas, with only 17 per cent of companies in the Americas reporting that team members had regular IT security awareness training and just 11 per cent in the Asia Pacific region. This compared to 44 per cent in EMEA.
The whole idea of client data protection appears to be far more important in the Americas, with 76 per cent of companies indicating this, with EMEA lagging some 12 per cent behind and Asia Pacific again at the bottom of the list with only 54 per cent.
However, companies in all three areas spent little time in reviewing IT security policy.
Stephen Hamlet, executive director of the BKR International EMEA region, said: “IT security compliance in EMEA is worse than anywhere else with only 32 per cent of companies questioned saying it was of high priority, compared to 46 per cent in Asia Pacific and 57 per cent in the Americas. In EMEA, however, 78 per cent of companies thought ‘reputation’ – being seen to spend money on IT security – was a high priority, with only 53 per cent of companies in Asia Pacific believing that reputation was an issue and 47 per cent in the Americas.
“SMEs maintaining not only their own data but that of third parties must be sure to be even more secure. This is especially important when data is travelling all over the world. Data and information passed on to a local company looking after a subsidiary operation could jeopardise the whole international security and potentially have vast financial implications.”
