
On the other hand, half of respondents said that their company policy does include guidelines for security breaches, pointing to confusion amongst US businesses when implementing a coherent policy.
"It is interesting that these results are nearly evenly split,” said Andrew Storms, director of IT security for nCircle, in a statement. “This reflects the challenge of maintaining a corporate policy that matches a continuously changing threat environment.”
“It also highlights the test of applying that policy when every infraction involves a different level of risk and a wide variety of human factors,” he added.
The study questioned 113 IT security professionals between May and August 2007.