Patching gets thumbs down

Half of UK IT professionals are concerned about the cost and time taken to manage patches for security flaws.


The situation is particularly acute in enterprises with more than 5,000 employees, according to a report by ICM Research.

Of the 100 IT directors and managers of companies with over 500 employees polled in the survey, 45 claimed software providers' existing methods of sending out patches were too costly or of poor value.

“Patches can be a real burden, and from a security standpoint a lot of patches are completely irrelevant,” said John Holland, senior vice-president for international operations at security firm TruSecure, which commissioned the study.

Holland pointed to earlier research carried out by the firm, which concluded that of the 4,129 vulnerabilities reported in 2002, less than 2% were exploited by hackers.

Suppliers are not giving users “appropriate” information and patch alert services are too “generic” - they do not take into account what individual companies need, he said.

“Users need added-value services that provide information on criticality to help them prioritise patch application and help balance the workload involved in implementing and testing patches.”

Key findings

  • 3% of UK IT professionals thought the patch management information they received was 100% relevant to their individual business needs.
  • 45% are concerned about the cost and value of patch management for security flaws.
  • 61% of respondents said managing risk is more important than simply managing security at an operational level.


