Scepticism amongst security staff about board’s commitment to IT security
An independent survey of more than 200 enterprise IT and security managers, commissioned by security and systems management software vendor NetIQ, has revealed that more than half (51%) of all UK companies have not implemented the necessary processes and procedures to proactively manage risk and comply with legislative directives such as PCI and Mifid.
The survey conducted by EMedia on behalf of NetIQ, questioned 218 security and IT managers about their companies’ readiness and views on compliance and risk management. It revealed a lack of readiness to meet compliance goals despite being their most critical security issue ahead of business continuity, data leakage and protection against viruses and spyware.
The NetIQ survey also indicated a high degree of scepticism among IT staff concerning the commitment to or understanding of IT security among the board - 40% claimed the board were merely paying lip-service to IT security to gain compliance status. Other survey findings pointed to a lack of co-ordination between the IT organisation and the rest of the business. Some 29% of IT security managers felt their companies’ security policies were not closely aligned with its business objectives or areas of risk within their organisation. Furthermore 57% of them felt internal staff didn’t understand the legislation that affected their business.
More on Operational Risk
Banker behaviour remains in the spotlight after recent rule proposals
Benefits depend on "safe space" for mistakes and questions, seminar hears
Cash supply and communications key for earthquake recovery
Hiscox Re warns of poorly defined cyber risk in reinsurance coverage
Sign up for Risk.net email alerts
Watch highlights of this year's London conference
Operational risk and the challenges of defining and dealing with conduct risk
Watch discussions and speakers from our North America conference
In the February 2014 editorial video, OpRisk's latest industry survey finds room for improvement in risk management
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.