China lags behind global levels of information security and the gap is in the policy environment and business awareness – not in technology, PricewaterhouseCoopers said yesterday in Shanghai. Chinese firms lack protection of privacy, intellectual property and internal control, according to the fifth annual Global State of Information Security Study 2007 jointly conducted by PWC, CIO Magazine and CSO Magazine.
Only 31 percent of Chinese respondents conduct periodic threat-and-vulnerability (TVM) assessments, compared with 42 percent globally. Meanwhile, just 28 percent of Chinese respondents have intellectual property protection policies and procedures compared with 40 percent of the total surveyed, according to the study which covered 7,200 IT, security and business executives. Eleven percent were from the Chinese mainland and Hong Kong.
A lack of maturity in China’s information security safeguards has impacted business, with the highest percentages reported for financial losses (23 percent) and intellectual property theft (18 percent) being in China, according to the survey. The reason for that is the lack of related laws, such as data privacy protection, and a regulated business environment in China, according to Charlie Fu, PWC’s Shanghai-based partner in system and process assurance. Finance, telecommunications and dotcom firms in China urgently need to strengthen information security as they have hugely sensitive data on their clients, Fu added.
Chinese firms should employ information security experts, develop standard processes and infrastructure, secure remote access and deploy spyware and network firewalls, according to PWC.
