IT security still 'significant challenge' for UK firms

By Clement James on Dec 4, 2006 10:04 AM
Filed under Security

NCircle Risk Management Trends Report paints grim picture.

Security risk management processes remain a significant challenge for UK businesses, according to security firm nCircle, which this week announced the results of its annual Risk Management Trends Report.

The UK study found that compliance reporting and reducing network security risk was again voted the most important issue by 60 percent of CIOs and IT directors, although 46 percent cannot say if security risk is increasing or decreasing over time.

When asked about their ability to measure and report on network security risk, 51 percent said they were able to accomplish this, but this means almost half are still not. Worryingly, 38 percent of financial services companies, responsible for handling consumer data, admit to being unable to measure network security effectively.

A significant 20 percent of these senior IT professionals also do not know if they can perform this basic level of reporting.

In terms of reporting, 45 percent of respondents said their companies take longer than a month to compile information for regulatory compliance, despite this being the top priority for 25 percent of organisations. NCircle’s research also shows that UK companies are still falling far short of best practice, a worrying 30 percent of respondents could not say with confidence how long it takes to compile compliance data.

Kevin Lamb, director of EMEA operations at nCircle, said: “CIOs and IT directors who embrace the benefits of effective security risk management reporting will create better, faster and safer businesses. As well as the direct positive impact on business risk, organisations stand to benefit from reduced operational and compliance audit costs. Clearly, a company that has real-time information has more risk control and higher efficiency levels than one that is taking three months to compile data.”

Almost half the companies, 45 percent, said that better end-user attitude would make the biggest impact on improving security. “Often technology’s weakest link is end-user education and attitude. IT departments must take up the role of security ambassador in their organisations and find a way to talk to end-users meaningfully – metrics are a way to make security and risk management tangible and understandable for all,” Lamb said.