UK risk professionals see significant scope for improving the integration and alignment of IT to better manage information security and risk, research by the National Computer Centre for Atos Consulting has found.
The survey found that 25% of respondents cited an increase in board-level awareness of the importance of security and information risk issues. But some areas need renewed focus, said Mark Jones, author of the report and associate partner and head of Atos Consulting Security and Information Risk Services.
“Organisations are becoming increasingly aware and in some cases – like Nationwide and its recent £1.4m Financial Services Authority fine – all too painfully aware, of not doing enough to secure data when it is mobile,” he said.
“The focus has been on securing data in transmission, but not enough is being done to secure the endpoint devices.”
The survey also found that 66% of respondents reported that a single sign-on solution will be either evaluated or deployed within the next two years. Other popular security initiatives in the next two years include real-time security monitoring and management and the implementation of encryption, with close to 50% of respondents reporting these two initiatives will be evaluated or deployed.
“It’s all about governance,” added Jones. “Measurement is key to organisations’ need to consistently re-evaluate the integrity, availability and capability of their risk and security processes, thinking about the effect on the brand down rather than the infrastructure up.”
Three quarters reported that they see some value in outsourcing the threat monitoring and alerting function. And close to nine out of ten respondents also saw some value in outsourcing their penetration testing function.
The NCC surveyed 99 risk management professionals across a broad range of UK businesses.