Stuart Corner
Thursday, 25 September 2008 13:37
In the wake of several recent major data security bungles by UK government bodies comes a study which paints an alarming picture of organisational attitudes to information security.
The study, undertaken in the UK by Logica in conjunction with the e-media group, revealed that 60 percent of companies which had experienced a data breach did not tell their clients, and half failed to tell the police or authorities.
Fifty-seven percent of the 300 public and private sector organisations surveyed "have no idea or understanding of the impact of a security breach on their business or organisation," Logica reports.
"A continued lack of engagement with the issue is evident, with just 16 percent of firms having a 'Value at Risk' profile for information assets it owns/controls; with half of respondents believing that security is solely an IT departmental issue."
(Logica explains that the lack of a 'Value at Risk' policy in an organisation means that "other organisations are unable to effectively classify their data and hence find it difficult to put in place specific security that will adequately protect that data from loss.")
Logica's depressing findings follow equally depressing ones from BearingPoint released last week. BearingPoint commissioned a study into "The Disconnect Between Security and the Business," from Forrester Consulting. It found that "organisational complexity and conflicting business priorities stand in the way of implementing effective risk and security solutions for companies around the world."
Commenting on Logica's study, Tim Best, director enterprise security solutions at Logica, said: "this complacent attitude not only increases the likelihood of financial and reputational consequences but also highlights the inadequate security policies and protocols that UK organisations have in place."