Organisations are failing to educate their staff about
information security threats, leaving them vulnerable to
increasingly sophisticated computer viruses and worms, according to
a global survey.
Ignorance about the basics of IT security emerged as the main
hole in organisations’ security policies in a survey of directors at
1,233 private and public sector organisations worldwide by
professional services firm Ernst & Young.
But despite recognising the need to better educate and train
employees on IT security, only 28% of respondents listed this as a
"top initiative" for this year.
Only 20% of respondents said that their IT security was
perceived as a priority for their chief executive officer.
The survey also found complacency in organisations that
outsource their IT. Over a third said they did not check regularly
whether their suppliers complied with their policies on IT
security.
"Senior management do recognise the importance of information
security but persistent gaps continue to exist in the amount of
diligence and resources that are deployed in security awareness and
training," said Jan Babiak, managing partner of Ernst & Young’s
Information Security Services in the UK.
Few surveyed doubted the importance of IT security to the
success of their organisation. Ninety-one per cent of respondents
questioned said that IT security was either very important or
somewhat important in achieving their business goals and
objectives.