Scepticism amongst security staff about board’s commitment to IT security
An independent survey of more than 200 enterprise IT and security managers, commissioned by security and systems management software vendor NetIQ, has revealed that more than half (51%) of all UK companies have not implemented the necessary processes and procedures to proactively manage risk and comply with legislative directives such as PCI and Mifid.
The survey conducted by EMedia on behalf of NetIQ, questioned 218 security and IT managers about their companies’ readiness and views on compliance and risk management. It revealed a lack of readiness to meet compliance goals despite being their most critical security issue ahead of business continuity, data leakage and protection against viruses and spyware.
The NetIQ survey also indicated a high degree of scepticism among IT staff concerning the commitment to or understanding of IT security among the board - 40% claimed the board were merely paying lip-service to IT security to gain compliance status. Other survey findings pointed to a lack of co-ordination between the IT organisation and the rest of the business. Some 29% of IT security managers felt their companies’ security policies were not closely aligned with its business objectives or areas of risk within their organisation. Furthermore 57% of them felt internal staff didn’t understand the legislation that affected their business.
More on Operational Risk
Hoodless and Madaras among those suspended
Focus needs to be on reacting, not stopping every threat
Keeping track of fraud and money laundering made easier through machine learning
Sponsored survey analysis: Protiviti
Sign up for Risk.net email alerts
Sponsored webinar: IBM
Watch highlights of this year's London conference
Operational risk and the challenges of defining and dealing with conduct risk
Watch discussions and speakers from our North America conference
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.