Security risk management processes remain a significant challenge for UK businesses, according to security firm nCircle, which this week announced the results of its annual Risk Management Trends Report.
The UK study found that compliance reporting and reducing network security risk was again voted the most important issue by 60 per cent of CIOs and IT directors, although 46 per cent cannot say if security risk is increasing or decreasing over time.
When asked about their ability to measure and report on network security risk, 51 per cent said they were able to do so, which means almost half are still unable to. Worryingly, 38 per cent of financial services companies, responsible for handling consumer data, admit to being unable to measure network security effectively.
A significant 20 per cent of these senior IT professionals also do not know if they can perform this basic level of reporting.
In terms of reporting, 45 per cent of respondents said their companies take longer than a month to compile information for regulatory compliance, despite this being the top priority for 25 per cent of organisations. nCircle’s research also shows that UK companies are still falling far short of best practice: a worrying 30 per cent of respondents could not say with confidence how long it takes to compile compliance data.
Kevin Lamb, director of EMEA operations at nCircle, said: “CIOs and IT directors who embrace the benefits of effective security risk management reporting will create better, faster and safer businesses. As well as the direct positive impact on business risk, organisations stand to benefit from reduced operational and compliance audit costs. Clearly, a company that has real-time information has more risk control and higher efficiency levels than one that is taking three months to compile data.”
Almost half the companies, 45 per cent, said that better end-user attitude would make the biggest impact on improving security. “Often technology’s weakest link is end-user education and attitude. IT departments must take up the role of security ambassador in their organisations and find a way to talk to end-users meaningfully – metrics are a way to make security and risk management tangible and understandable for all,” Lamb said.