Industry Research: Board of Directors Think They Are 'Above It' With IT Security
A survey of 300 IT security professionals has revealed that boards of directors are the group most likely to ignore or flout security policies and procedures, with 42% cited as frequently ignoring them. That’s according to a survey released today by Cryptzone, Europe’s IT Threat Mitigation specialists, which found that, rather than setting an example, senior management are seen by over half of respondents as believing that "the rules don't apply to them" when it comes to respecting IT security policies and procedures.
Alarmingly, 52% of those surveyed agreed with the statement that the Board of Directors have access to the most sensitive information yet have the least understanding of security. This is a worrying statistic at a time when data loss has become a daily news headline and regulators are coming down hard on organisations with lax attitudes towards data security.
Senior Vice President of the NETconsent business unit at Cryptzone, Dominic Saunders, said, "There’s a saying ‘do as I say, not as I do’ and this study would appear to demonstrate that it resonates in the executive corridor of far too many organisations today. However, there’s also a phrase ‘united we stand, divided we fall’ and that’s what each person who doesn’t toe the security line is potentially exposing their company to. Education is so important so that every single person not only knows what they should be doing, but also why they’re doing it. On top of that, organisations need to get savvy and introduce solutions that don’t allow anyone, regardless of how far up the corporate tree they sit, to flout policies and procedures."
The survey was conducted amongst 300 IT professionals visiting last month’s Infosecurity Europe. Surprisingly, when asked who in the organisation is least likely to follow policy and procedures, 20% answered senior managers, 17% CEOs, and an additional 20% pointed the finger right back at themselves, citing the IT team!
"This is a tough problem. Seeing wanton disregard at a senior level for the policies and procedures put in place to protect an organisation is infuriating, and a real challenge for the CISO who must balance the needs of a business with the requirement to protect assets," said Nigel Stanley, Practice Leader for Security at Bloor Research. He added, "I consider the starting point for all security measures to be a governance statement signed by the board, at least with this you have some comeback if senior managers and directors aren’t playing ball."
Turning to security training, 65% of companies offer the same level and amount of IT security training to everyone in the organisation. Dominic concludes, "The reality of this practice is money is being wasted training people who might not need it, while not providing enough to the most at risk groups. Instead training should be tailored to reflect the level and depth of information people are privilege to, balanced against the risks they’re exposed to."
Published: Friday, May 25, 2012