Most companies are leaving their IT and e-business networks dangerously exposed because they have no regular policy for reviewing or upgrading their security procedures, according to new research from Datamonitor.
When the market analyst surveyed 250 European companies it found 70% of executives had no idea whether, or how often, their security strategy was revised.Datamonitor analyst Richard Clifford claimed the ‘remarkable’ lack of awareness indicates that firms are still not taking IT security seriously, despite the $15bn worth of damage caused worldwide by breaches every year.
He said the level of ignorance over review procedures suggests that the 75% of companies claiming to operate a clearly defined security policy may be delud-ing themselves. Datamonitor’s report claims the problem arises because any truly effective security measures rely on rigorous enforcement and constant review to cope with emerging threats.
By contrast, many standard IT security systems do not need constant review and tend to be installed and forgotten about.
‘Just because a company has passwords to authenticate their users, anti-virus software and firewalls does not necessarily mean that a security policy is in place,’ said Clifford.