Go to any security conference, and you’ll probably find a session about return on investment and measurement.
It’s an issue that isn’t going to go away either, according to research from nCircle, which suggests that security risks continue to be the bane of most companies’ lives, yet two-thirds of them cannot say whether their risks are growing or easing.
Many simply couldn’t assess their network vulnerability or risk data by breaking it down into region or business unit criteria, while over half admitted that regulatory compliance is such a headache they can’t manage the process. And 60% said completing compliance reports takes them three months.
Meanwhile, an Economist Intelligence Unit report suggests that half of UK companies do not regularly monitor security threats, and only 40% regularly briefed the Board on potential security problems.
These figures are rather difficult to believe. There is so much publicity around security threats that any company not alive to them by now is either burying its head in the sand, technologically impotent when it comes to solutions, or taking a calculated risk that it won’t be affected. I can’t believe any company would be that cavalier.