Firms ignorant of hacker risk

#111 Want to know why being in charge of security is such a tough job?

Although a network security breach is rated the number one worry keeping IT managers awake at night, most admit that they have no way accurately to measure and report on the degree of risk posed by hackers. This is according to a survey of 1,700 chief information officers, chief security officers and security directors that some 60 per cent are unable to determine whether their network security risk is decreasing or increasing over time. In addition, almost 60 per cent admitted that they are unable to generate reports about applications or vulnerabilities on their network by region, business unit or business owner.

The Vulnerability and Risk Management Trend Survey, conducted by security firm nCircle, also revealed that over half of respondents have no way to verify and manage compliance with their own internal security policies. Respondents also identified the management of regulatory compliance as a growing business concern. Fifty per cent of respondents stated that it takes their company more than a month to compile information for compliance reporting.

In terms of future investments in security technology, respondents indicated that they are planning to add identity, access and vulnerability management technology in the next year.