Just over half of UK companies have not implemented the necessary processes and procedures to comply with legislative directives such as PCI DSS and Mifid, according to a new survey commissioned by security system developers NetIQ.
The survey also shows a high degree of scepticism among IT staff concerning the commitment to IT security at board level, with 40 per cent of respondents saying that the board were merely paying lip-service to IT security to gain compliance status.
"This reinforces the need for the CSO to be not only a technologist but also a good communicator, who is able to interact with people outside the IT department. We see many misconceptions about the importance of risk management in the marketplace," said Ulrich Weigel, director of security products for NetIQ.
"It is imperative that they are able to communicate at senior board level that security is no longer just a cost item on the P&L, but that it can actually differentiate them from their competitors and win them new business."
The results reveal a lack of readiness of companies to meet compliance goals despite being their most critical security issue ahead of business continuity, data leakage and protection against viruses and spyware.
The survey was conducted by EMedia and questioned 218 security and IT managers about their company's readiness and views on compliance and risk management.
Other survey findings pointed to a lack of co-ordination between the IT department and the rest of the business, as 29 per cent of IT security managers felt that their company's security policies were sufficiently integrated with the rest of their business objectives.
Furthermore, 57 per cent of them felt that internal staff didn't understand the legislation that affected their business.
These findings confirm similar results from a report titled What's Top Of Mind For European Security Managers? by analyst firm Forrester Research.
"CSOs/CISOs have traditionally been IT people focused on technology, but the job is shifting to focus more on business risk management," said Thomas Raschke, an analyst at Forrester Research.
"We are currently in a time of transition, one that can make CISOs with less business-side experience acutely uncomfortable. In the interim, legacy CISOs and other security managers still struggle with gaining visibility and influence within the business."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago