Ernst & Young’s Associate Director of Technology and Security Risk Services, Devendra Parulekar, has been quoted as saying, “Organizations are beginning to recognize that information security can deliver more than just protection for information.” while releasing the 10th Annual Global Information Security Survey report.
The survey had been conducted in the latter half of 2007 while interviewing 1,300 senior executives in over 50 countries. Of these India, with 114 respondents, emerged as the second largest contributor.

The survey also reveals that the total number of organizations fully incorporating information security function with risk management operations have increased from 19% in 2006 to 39 percent in 2007. 73% of the CEOs and 64% of CIOs, consider protecting privacy related information managed by their organization as very, very important. 58% of those interviewed deemed privacy and data protection at the top of the list for information security.
While 69% of respondents world wide recognized the Improvement of IT and operational efficiency as important elements of information security, 79% of the Indian respondents thought so. But whereas in 75% of instances globally, third-party services for information security design were used, Indians used them at a lower rate of 63%.
Information security, however, is still mainly visible at the IT department. According to the survey information security personnel are thrice as likely to confer with the IT department on a monthly basis as business unit leaders and corporate officers. The survey also reveals that 32% of the information security organizations do not meet with their audit committees or board of directors.
Finally, vendors and business partners do not demand as much as organizations for the management of third-party relationships. 39% of the Indian companies interviewed 48% of the rest of the world were of the opinion that vendors and business partners must have their own privacy procedures and policies and information security in position.