UK companies' inability to measure security risks accurately makes them vulnerable to attack, suggests new research.
Security risk is the number one priority for UK firms, finds the research from security firm nCircle. Yet, 66% of the 1,800 UK and US IT and security directors interviewed have no way of measuring whether their security risks are growing or shrinking.
You can't protect what you can't measure, warns nCircle.
"If they are unable to measure the scale of their exposure and its impact, they have no chance of meeting the security challenge effectively, and will remain hostage to hackers, Trojans, viruses and other malware," says Elizabeth Ireland, vice president of marketing at nCircle.
Some 69% could not assess their network vulnerability or study risk data by breaking it down by region, business unit or other criteria. Compliance issues continue to browbeat IT experts, with 55% of the sample unable to manage the process, and 63% taking three months to compile compliance reports.
These findings are mirrored in an Economist Intelligence Unit (EIU) study, 'Staying Ahead of the Technology Curve', which finds that half of UK companies do not regularly monitor security threats such as phishing. Only 40% regularly brief the board on technology threats.