10 Aug 2007, Operational Risk & Regulation
An independent survey of more than 200 enterprise IT and security managers, commissioned by security and systems management software vendor NetIQ, has revealed that more than half (51%) of all UK companies have not implemented the necessary processes and procedures to proactively manage risk and comply with legislative directives such as PCI and Mifid.
The survey conducted by EMedia on behalf of NetIQ, questioned 218 security and IT managers about their companies’ readiness and views on compliance and risk management. It revealed a lack of readiness to meet compliance goals despite being their most critical security issue ahead of business continuity, data leakage and protection against viruses and spyware.
The NetIQ survey also indicated a high degree of scepticism among IT staff concerning the commitment to or understanding of IT security among the board - 40% claimed the board were merely paying lip-service to IT security to gain compliance status. Other survey findings pointed to a lack of co-ordination between the IT organisation and the rest of the business. Some 29% of IT security managers felt their companies’ security policies were not closely aligned with its business objectives or areas of risk within their organisation. Furthermore 57% of them felt internal staff didn’t understand the legislation that affected their business.