Comparative analyses of perception of information security barriers of both populations of respondents are illustrated in Figure 3. From the Figure 3 it is noticeable that highest graded barrier in banking and insurance managers was Price of standardisation of information security (1.47), while their lowest grade went to the factor Insufficient expertise of company managers in organisational issues (5.26). Highest graded barrier concerning auditing managers was Insufficient knowledge of company managers about information security importance (1.00), and lowest graded was Insufficient number of auditors (6.00). The biggest gap in perception of information security barriers was insufficient number of auditors (3.24) while lowest gap in perception of barriers was insufficient expertise of IT employees in companies (0.60).
There is a significant gap in perception of information security barriers of respondents from both groups. Managers in companies gave significantly higher importance to the Price of standardisation of information security and insufficient number of auditors than it was graded by auditors. At the same time auditors gave higher importance to insufficient knowledge of company managers about information security importance and insufficient expertise of company managers in organisational issues. It can be noticed that company managers have a perception that biggest information security barriers exist out of their companies, while auditors have a perception that biggest barriers are knowledge and skills of company managers regarding information security importance and organisational issues. Banks’ service
Analyses of marketing aspects of information security are illustrated in Table 4. Marketing aspects of standardisation of information security were measured in terms of whether companies were exposed to some of the mentioned types of marketing activities. From Table 4 it can be noticed that the most represented way of communication between companies and auditors were Sending pricelist and offers to potential clients (65.22%) and Sending electronic education materials to potential clients (95.65%). Auditors relied mostly on these two marketing activities. It can be observed that Systematic marketing campaigns from auditors (39.13%) and Personal contact between auditors and company managers (8.79%) were lowly presented.
When it comes to the price of standardisation of information security, average price charged by auditors was 22,750.00 €, while average price that companies were ready to pay was 19,964.00 €. The gap was 2,786.00 € or 13.94% with regard to the average price the companies were ready to pay. This gap was not significantly big regarding to the financial potential of banking and insurance companies. These data can serve to calculate market variables such as market potential, market volume, etc. that can be useful to managers of companies and auditors.
Figure 3: Comparative Analyses of Perception of Information Security Barriers
Table 4: Marketing Activities of Standardisation of Information Security
|Sending pricelist and offers to potential clients||65.22%|
|Sending electronic education materials to potential clients||95.65%|
|Sending hard copy education materials to potential clients||21.74%|
|Systematic marketing campaigns from auditors||39.13%|
|Promotion of favourable financial conditions of certification||4.35%|
|Personal contact between auditors and company managers||8.79%|