Company boards are increasingly ignorant of IT security matters, which could cause problems in developing policies to protect organisations, according to a recent report from IT services provider Detica.
The report argues that firms are focusing too much on standalone technology solutions to protect themselves, rather than taking a strategic approach to the issue with input from the board. The report, Information Security in the UK 2003, is based on a survey of 140 large private and public sector organisations.
One of the findings is that only 54 percent of directors said they were aware of formal security procedures this year, down from 82 percent last year. Interest in the BS7799 security standard has also fallen. Only two percent of respondents claimed to be seeking accreditation this year, down from nine percent last year. And more than half of directors were not aware of the standard's existence, up from just over a third in 2002.
Forty percent of companies said they were planning to spend on new technology to improve security, and 35 percent said they would invest in policies to improve security.
In the public sector the position was reversed, however. More public sector organisations were planning to invest in policies rather than technology to improve their protection.
Detica said that this was probably because there are manuals specifically for the public sector, offering guidelines and best practices.
Detica argued that firms should follow this lead. David Porter, head of security and risk at Detica, said that the lack of awareness put many businesses at risk. "It's a game of Russian roulette that isn't going to improve [while] companies take this laissez-faire attitude to security," he added.





