Jose Granado, Principal, Information Technology Enablement Center- Americas Security Leader at Ernst & Young, says that awareness of the link between information security and brand reputation has grown because "confidence and trust are very important, especially now". He adds that businesses have to make sure that data is secure—credit card data, buying habits, etc.

Luckily, there are various ways enterprises can keep the faith of their consumers, and even employees for that matter—one of which is tight information security.

Right now, there isn't any set international information security standard. Of course, there are standards within industries that companies should be compliant with, at the very least. However, each organization is different, so it's hard to pinpoint exact standards to set that will work for everyone.

Thirty percent of respondents say that their organization has used and implemented an information security standard, 20 percent say their organization hasn't used or implemented any specific security standards and 50 percent report that their organization has used at least one standard to influence the development their own information security policies.

Granado, who has over 20 years of experience in this area, suggests that organizations should evaluate why they need information security and "drive toward a wholistic approach. Standards should not set your security."

When a company does accept a certain standard or gain a certification, customer and partner trust will likely grow.

Trust also plays a key role between an organization and partner, vendor or contractor. Of those surveyed, 29 percent say their organizations don't perform any review or assessment of their partners, vendors or contractors to make sure that their information remains secure. However, many organizations are now realizing that risking a security incident comes back to them, if they don't take proper precautions. Although organizations are willing to work with third-parties, many stray away from outsourcing major information security activities.

Some organizations feel that they're "outsourcing their dirty laundry" in a sense, Granada says.

However, with risks come benefits, and outsourcing has a few. Most obviously, outsourcing attack and penetration testing to a third-party is a smart move, (more objective than doing internal testing), which 59 percent of those surveyed say their organization currently does. However, 23 percent of respondents say that they have no plans to outsource such testing.

Yet, while 77 percent of respondents don't have any plans to outsource incident response activities, perhaps they should reconsider.