UK companies' inability to measure security risks
accurately makes them vulnerable to attack, suggests new
research.

Security risk is the number one priority for UK firms, finds the
research from security firm nCircle. Yet, 66% of the 1,800 UK and
US IT and security directors interviewed have no way of measuring
whether their security risks are growing or shrinking.

You can't protect what you can't measure, warns nCircle.

"If they are unable to measure the scale of their exposure and
its impact, they have no chance of meeting the security challenge
effectively, and will remain hostage to hackers, Trojans, viruses
and other malware," says Elizabeth Ireland, vice president of
marketing at nCircle.

Some 69% could not assess their network vulnerability or study
risk data by breaking it down into region, business unit or other
criteria. Compliance issues continue to browbeat IT experts, with
55% of the sample unable to manage the process, and 63% taking
three months to compile compliance reports.

These findings are mirrored in an Economist Intelligence Unit
(EIU) study, 'Staying Ahead of the Technology Curve', which finds
that half of UK companies do not regularly monitor security threats
such as phishing. Only 40% regularly briefed the board on
technology threats.