Organisations are failing to educate their staff about information security threats, leaving them vulnerable to increasingly sophisticated computer viruses and worms, according to a global survey.
Ignorance about the basics of IT security emerged as the main hole in organisations’ security policies in a survey of directors at 1,233 private and public sector organisations worldwide by professional services firm Ernst & Young.
But despite recognising the need to better educate and train employees on IT security, only 28% of respondents listed this as a "top initiative" for this year.
Only 20% of respondents said that their IT security was perceived as a priority for their chief executive officer.
The survey also found complacency in organisations that outsource their IT. Over a third said they did not check regularly whether their suppliers complied with their policies on IT security.
"Senior management do recognise the importance of information security but persistent gaps continue to exist in the amount of diligence and resources that are deployed in security awareness and training," said Jan Babiak, managing partner of Ernst & Young’s Information Security Services in the UK.
Few of those surveyed doubted the importance of IT security to the success of their organisation. Ninety-one per cent of respondents said that IT security was either very important or somewhat important in achieving their business goals and objectives.