Report from IT management poll indicates there is low confidence in the effectiveness and relevance of many corporate IT security policies, according to dns
A recent report from PwC has identified that almost 30 per cent of companies have failed to either review or measure the effectiveness of their security policies in the last year. The survey, which polled 7,000 IT executives, comes in the wake of falling confidence in data and identity protection, as few have any solid confidence left in the security of suppliers or business partners.

With the current misalignment of security standards, the consequences of this laissez-faire attitude have been felt right across the board, with UK companies experiencing fraud, financial losses and 25 per cent of companies falling victim to intellectual property theft or damage to brand reputation. The survey highlights the growing need for companies to be educated in managing and securing data effectively, as threats become sophisticated and increasingly commonplace.

Natasha Bolton, head of assurance services for dns, comments on what companies can do to proactively maintain high-level security policy:

“The growing difficulty in securing and managing data effectively has left a big void in customer confidence. It’s understandable that in light of continuous stories of lost data, breaches and mishandling, customers are increasingly under the impression that companies are unsure about how to look after sensitive information. With a number of companies yet to develop a risk profile, some organisations are leaving security policies to chance. To combat this apparent lax attitude, companies will need to implement a business-led approach to data security, as information assets are critical investments. Firms are still yet to realise that as well as enforcing security policies and educating staff, companies need an effective system to manage the process 24/7. It is vital that companies work together with third-party security experts, as their knowledge and experience will allow them to develop a security policy which balances operations with security needs and compliance.”