Security risk management processes remain a significant challenge for UK businesses, according to security firm nCircle, which this week announced the results of its annual Risk Management Trends Report.
The UK study found that compliance reporting and reducing network security risk was again voted the most important issue by 60 per cent of CIOs and IT directors, although 46 per cent cannot say if security risk is increasing or decreasing over time.
When asked about their ability to measure and report on network security risk, 51 per cent said they were able to accomplish this, which means almost half still cannot. Worryingly, 38 per cent of financial services companies, responsible for handling consumer data, admit to being unable to measure network security effectively.
A significant 20 per cent of these senior IT professionals also do not know if they can perform this basic level of reporting.
In terms of reporting, 45 per cent of respondents said their companies take longer than a month to compile information for regulatory compliance, despite this being the top priority for 25 per cent of organisations. nCircle’s research also shows that UK companies are still falling far short of best practice. A worrying 30 per cent of respondents could not say with confidence how long it takes to compile compliance data.
Kevin Lamb, director of EMEA operations at nCircle, said: “CIOs and IT directors who embrace the benefits of effective security risk management reporting will create better, faster and safer businesses. As well as the direct positive impact on business risk, organisations stand to benefit from reduced operational and compliance audit costs. Clearly, a company that has real-time information has more risk control and higher efficiency levels than one that is taking three months to compile data.”
Almost half the companies, 45 per cent, said that better end-user attitude would make the biggest impact on improving security. “Often technology’s weakest link is end-user education and attitude. IT departments must take up the role of security ambassador in their organisations and find a way to talk to end-users meaningfully – metrics are a way to make security and risk management tangible and understandable for all,” Lamb said.