Asia/Pacific Energy and Utility Organizations are Aware of Security Risks but Gaps Exist between Good Intentions and Policy Implementations, Says IDC Energy Insights

Singapore and Hong Kong – July 12, 2011 – Although security professionals have fought hard to establish their place in organizations, the companies that they represent appear to lack the basic monitoring of security events, their frequency, nature or source. More insights are revealed in the report,“Business Strategy: Security Landscape in the Asia/Pacific Energy and Utility Industry” (Doc # AP9492104T, June 2011), which reveals the fundamental issues around core security initiatives among energy and utility organizations across Asia/Pacific.

With geographically distributed assets, proliferation of numerous edge devices (including smart meters) and a growing mobile workforce, attention to security has gained prominence in recent times. However, lack of experience dealing with security threats as well as limited budgets have hampered the broader and faster adoption of security policies.

It is evident that of late, IT security has gained prominence as opposed to other IT initiatives across all industries. In the energy and utility sector, development in IT security is driven by notable trends such as introduction of smart grid and smart metering solutions, global explosion of mobile devices, growing popularity of cloud computing and the rise of social media. Pressure is on organizations to ensure that their infrastructure, network and software are secured from external and internal threats.

Key findings from the survey reveal that:

75% of energy and utility organizations across Asia/Pacific (excluding Japan) or APEJ leave information security in the hands of the IT department. To safeguard against today’s highly sophisticated and organized attacks, IDC Energy Insights recommends that the responsibility of IT security should lie with a C-level security executive or equivalent whose job is to focus on security policies and not IT operations.

20% of the organizations surveyed do not align their security strategies with business objectives. This strategic move is imperative to ensure that appropriate metrics are in place for security executives to determine the effectiveness of their strategies.

Only 50% of the respondents are very confident that the information held by their organization is protected from external attacks. They are slightly more confident (56%) about internal threats.

Most organizations are reactive instead of proactive in managing security risks. Although data security and access management is taking center stage, organizations need to look beyond such basic security measures and proactively look out for anomalies.

"Most companies that we have surveyed recognized the need for security management. While this is a positive sign, less than 10% of these companies have security policies and strategies implemented. In many cases, even the basic control measures are nonexistent, making adoption of the latest technologies such as cloud computing risky", says Debashis Tarafdar, Head for IDC Energy Insights Asia/Pacific.

For more information about this report, “Business Strategy: Security Landscape in the Asia/Pacific Energy and Utility Industry” (Doc # AP9492104T, June 2011), please contact Sheryl Fuertez at +65-6829-7758 or sfuertez @idc.com.

To set up an interview with Debashis Tarafdar, contact Lay Fang Tan at lftan@idc.com.

###

For more information, please contact:
Debashis Tarafdar
dtarafdar@idc.com
+65-6829-7790

Lay Fang Tan
lftan@idc.com
+65-6829-7731