Although a network security breach is rated the number one worry keeping IT managers awake at night, most admit that they have no way accurately to measure and report on the degree of risk posed by hackers.
According to a survey of 1,700 chief information officers, chief security officers and security directors published today, some 60 per cent are unable to determine whether their network security risk is decreasing or increasing over time.
In addition, almost 60 per cent admitted that they are unable to generate reports about applications or vulnerabilities on their network by region, business unit or business owner.
The Vulnerability and Risk Management Trend Survey, conducted by security firm nCircle, also revealed that over half of respondents have no way to verify and manage compliance with their own internal security policies.
Respondents also identified the management of regulatory compliance as a growing business concern. Fifty per cent of respondents stated that it takes their company more than a month to compile information for compliance reporting.
In terms of future investments in security technology, respondents indicated that they are planning to add identity, access and vulnerability management technology in the next year.
"We conducted this survey to better understand how businesses view and manage their network security risk," said Elizabeth Ireland, vice president of marketing at nCircle.
"The results highlight the need for a significant number of enterprises to implement solutions and processes to more effectively measure, manage and ultimately reduce their risk."
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally