Scepticism amongst security staff about board’s commitment to IT security
An independent survey of more than 200 enterprise IT and security managers, commissioned by security and systems management software vendor NetIQ, has revealed that more than half (51%) of all UK companies have not implemented the necessary processes and procedures to proactively manage risk and comply with legislative directives such as PCI and Mifid.
The survey conducted by EMedia on behalf of NetIQ, questioned 218 security and IT managers about their companies’ readiness and views on compliance and risk management. It revealed a lack of readiness to meet compliance goals despite being their most critical security issue ahead of business continuity, data leakage and protection against viruses and spyware.
The NetIQ survey also indicated a high degree of scepticism among IT staff concerning the commitment to or understanding of IT security among the board - 40% claimed the board were merely paying lip-service to IT security to gain compliance status. Other survey findings pointed to a lack of co-ordination between the IT organisation and the rest of the business. Some 29% of IT security managers felt their companies’ security policies were not closely aligned with its business objectives or areas of risk within their organisation. Furthermore 57% of them felt internal staff didn’t understand the legislation that affected their business.
More on Operational Risk
Bank expects biggest hit from RMBS investigations
Central bank eyes big data and psychology
FCA aims to act early to prevent misconduct
Better conduct could come from proven knowledge of markets and ethics
Sign up for Risk.net email alerts
Oxford professor David Vines argues that the carrot is as important as the stick
Sponsored webinar: IBM
Watch highlights of this year's London conference
Operational risk and the challenges of defining and dealing with conduct risk
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.