Blinkered boardrooms are the biggest barrier to IT security
implementation, according to research by Integralis, which blames
lack of commitment and understanding for the failure to adopt
effective security strategies.
Integralis questioned 200 representatives from both the public
and private sectors and found that in 76% of cases, overall
responsibility for security implementation was still with the IT
department. Only 11% of respondents said that their Board of
Directors took responsibility for IT security, while 6% pointed to
the HR department as being in charge of this issue.
The findings echo research carried out by the company in
2003.
"It's incredible that two years on, security risk management
still isn't the boardroom issue that it should be," said Graham
Jones, Integralis Director of Northern Europe.
"We're still seeing many organisations lacking the level of
board commitment needed to tackle vulnerabilities at the deepest
layers. The board do not appear to understand the far-reaching
brand, reputation and legal implications a security breach can
have," he added.
The CBI/QinetiQ Business Security Survey 2004 found that 57% of
companies are particularly worried about IT and network security,
but, according to Integralis, the fact that the majority of its
respondents still put internet speed higher in priority than
corporate security shows that the message doesn't appear to be
getting through 'on the ground'. This, says the firm, points to a
lack of clear direction from the top.
"It is unlikely that an IT manager will know who's downloading
what software at their desks, exchanging illicit and/or
confidential information, chatting all day via a web phone or MSN,
or be able to understand, never mind have the bandwidth to
maintain, complex multi-layer security across multiple sites.
Security should not start and end with the IT department," warned
Jones.