A survey conducted in mid-2012 found that 68 percent of organizations assessed the efficiency and effectiveness of their information security functions through assessments performed by internal audit functions.
How does your organization assess the efficiency and effectiveness of information security?
Characteristic: Share of respondents
Assessments performed by internal audit function: 68%
Internal self-assessments by IR or information security function: 64%
Assessment by external party: 56%
Monitoring and evaluation of security incidents and events: 48%
In conjunction with the external financial statement audit: 35%
Benchmarking against peers/competition: 27%
Evaluation of information security operational performance: 19%
Formal certification to external security standards (e.g. ISO/IEC 27001:2005): 15%
Formal certification to industry security standards (e.g. Payment Card Industry Data Security Standards): 15%
Evaluation of information security costs: 14%
Evaluation of return of investment (or similar such ROSI) performance
CIOs, CISOs, CFOs, CEOs and other information security executives
Method of interview: Face-to-face interview, online survey
Supplementary notes
* Ernst & Young received feedback from nearly 1,836 CIOs, CISOs, CFOs, CEOs and other information security executives from 64 countries and across all industry sectors.
EY. (November 22, 2012). How does your organization assess the efficiency and effectiveness of information security? [Graph]. In Statista. Retrieved November 10, 2024, from https://www-statista-com.ezproxy.canberra.edu.au/statistics/259215/aassessment-of-efficiency-and-effectiveness-of-information-security-policies/