, Singapore

IDC worries over security risks in Asia Pac energy and utility organizations

Less than 10% of these companies have security policies and strategies implemented.

Although security professionals have fought hard to establish their place in organizations, the companies that they represent appear to lack the basic monitoring of security events, their frequency, nature or source. More insights are revealed in IDC Energy Insights’ report, “Business Strategy: Security Landscape in the Asia/Pacific Energy and Utility Industry”, which reveals the fundamental issues around core security initiatives among energy and utility organizations across Asia/Pacific.

With geographically distributed assets, proliferation of numerous edge devices, including smart meters, and a growing mobile workforce, attention to security has gained prominence in recent times. However, lack of experience dealing with security threats as well as limited budgets have hampered the broader and faster adoption of security policies.

It is evident that of late, IT security has gained prominence as opposed to other IT initiatives across all industries. In the energy and utility sector, development in IT security is driven by notable trends such as introduction of smart grid and smart metering solutions, global explosion of mobile devices, growing popularity of cloud computing and the rise of social media. Pressure is on organizations to ensure that their infrastructure, network and software are secured from external and internal threats.

Key findings from the survey reveal that:
75% of energy and utility organizations across Asia/Pacific (excluding Japan) or APEJ leave information security in the hands of the IT department. To safeguard against today’s highly sophisticated and organized attacks, IDC Energy Insights recommends that the responsibility of IT security should lie with a C-level security executive or equivalent whose job is to focus on security policies and not IT operations.

20% of the organizations surveyed do not align their security strategies with business objectives. This strategic move is imperative to ensure that appropriate metrics are in place for security executives to determine the effectiveness of their strategies.Only 50% of the respondents are very confident that the information held by their organization is protected from external attacks. They are slightly more confident (56%) about internal threats.

Most organizations are reactive instead of proactive in managing security risks. Although data security and access management is taking center stage, organizations need to look beyond such basic security measures and proactively look out for anomalies.

"Most companies that we have surveyed recognized the need for security management. While this is a positive sign, less than 10% of these companies have security policies and strategies implemented. In many cases, even the basic control measures are nonexistent, making adoption of the latest technologies such as cloud computing risky", says Debashis Tarafdar, Head for IDC Energy Insights Asia/Pacific. 

 

Photo from Oked

Join Asian Power community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!