Majority of energy and utility organisations across Asia/Pacific excluding Japan (APEJ) rely on their information technology (IT) department for information security, according to International Data Corporation (IDC) Eenergy Insights.
The IDC survey revealed that 75% of energy and utility firms across APEJ leave information security in the hands of the IT department.
IDC recommends that a C-level security executive or equivalent person whose job is to focus on security policies and not IT operations should be responsible for IT security.
Despite security gaining prominence due to geographically distributed assets, proliferation of numerous edge devices and a growing mobile workforce, lack of experience dealing with security threats and limited budgets have hampered the broader and faster adoption of security policies.
Notable trends such as introduction of smart grid and smart metering offerings, global explosion of mobile devices, growing popularity of cloud computing and the rise of social media are driving development in IT security in this sector.
The survey said that 20% of the organisations surveyed do not align their security strategies with business objectives, as this move is imperative to ensure that appropriate metrics are in place for security executives to determine effectiveness.
Expressing more confidence that they are protected from internal threat, only 50% of the respondents are very confident that the information held by their organisation is protected from external attacks.
IDC Energy Insights Asia/Pacific head Debashis Tarafdar said, "Most companies that we have surveyed recognized the need for security management. While this is a positive sign, less than 10% of these companies have security policies and strategies implemented."
"In many cases, even the basic control measures are nonexistent, making adoption of the latest technologies such as cloud computing risky," Tarafdar said.
