by Nancy Gardiner
Northern News Services

NNSL (Mar 19/97) - A lack of human resources and money makes it difficult to protect information, according to a survey conducted by Ernst and Young Canada.

Altogether, 1,320 chief information officers and other senior information professionals from across North America were surveyed.

Seventy-eight per cent of them reported security-related financial losses in the past two years.

The top culprits were computer viruses (identified by 63 per cent), followed by acts by company insiders (32 per cent), natural disasters (25), acts by outsiders (18) and industrial espionage (nine).

An increase in attacks by insiders and outside hackers have caused information security losses.

"Continued uncertainty in the job market may be a possible motive," the study concludes. Given employees' knowledge of the systems and legitimate access privileges, such attacks "can be especially costly."

Only 40 percent of respondents have a planned incident response to information security crises.

The firm reports that electronic commerce over the Internet continues with modest growth.

Of those who reported losses, 14 per cent lost between $250,00 and $1 million.

The majority of respondents described information security as important or extremely important.

"We know from studies like this one and from our client work that many companies are experiencing losses. Senior management must increase its level of commitment to counter these security threats and reduce the risk of further losses," says John Kearns, national director of information systems with Ernst and Young Canada.

Ernst and Young provides information system audits and security services.