Inability to measure risk leaves companies exposed, warns security firm
Most UK businesses are unable to measure and report on network security risk effectively, according to research by security firm nCircle.
Some 66 per cent of companies have no way of telling whether security risks are increasing or decreasing over time, and 69 per cent said that they were unable to generate network vulnerability and risk data broken down by region, business unit or business owner.
The lack of clear auditing techniques is at odds with the fact that network security remains the number one concern of firms polled, according to the research.
Meanwhile, verifying and managing internal policy compliance continues to be a headache for IT and security experts, with 55 per cent of respondents indicating that they are unable to manage the process.
Even when compliance systems are in place, the time to audit is often lengthy; 60 per cent of companies said that compliance reporting takes up to three months.
"Businesses are still grappling with fundamental process issues when tackling vulnerability and risk management," said Elizabeth Ireland, vice president of marketing at nCircle.
"If they are unable to measure the scale of their exposure and its impact, they will remain hostage to hackers, Trojans, viruses and other malware."
The findings mirror recent research from the Economist Intelligence Unit, which found that only 40 per cent of UK firms regularly brief the board on emerging threats that are likely to have an impact on levels of operational risk.