Half of oil and gas companies have no information security strategy in place

The survey of global IT executives also discovered that oil and gas companies still lag behind other industries in formulating approving, and executing information security policies, as well as getting buy-in from senior management.

"In oil and gas companies, awareness of appropriate security policies and best practices is still not good enough. They need to be better prepared to prevent and manage security breaches. This is not the time to reduce the budget for IT security and compliance", commented Roberta Bigliani, head of Europe, Middle East, and Africa IDC Energy Insights.

Of the top three information security threats perceived by oil and gas companies, the greatest is state or industrial espionage, followed by employee error or accidental loss of sensitive information, and vulnerabilities owing to insecure code, the survey found.

In addition, 55% of survey respondents indicated an expected increase in their information security budget over the next 12 months. Only 10% of the respondents indicated that they are using regulatory compliance as a requirement to justify budgets. In fact, almost 25% of respondents said that the regulatory environment was a barrier to ensuring information security

More than 31% of US respondents stated that information security was a top IT initiative at their company in 2011, but only 12% of the respondents indicated that they are actually making investments to improve information security and mitigate risk.

"Software spending is increasing for client security solutions such as antivirus and antimalware. Investment in security appliance solutions such as firewalls and intrusion prevention remains low this year, as just 10% of the survey respondents indicate investing in them", concluded Usman Sindhu, senior research analyst at IDC Energy Insights.

What’s Hot on Infosecurity Magazine?