UK business not meeting data protection deadlines

Board only paying lip service to IT staff

Written by Ian Williams

vnunet.com, 09 Aug 2007

Just over half of UK companies have not implemented the necessary processes and procedures to comply with legislative directives such as PCI DSS and Mifid, according to a new survey commissioned by security system developers NetIQ.

The survey also shows a high degree of scepticism among IT staff concerning the commitment to IT security at board level, with 40 per cent of respondents saying that the board were merely paying lip-service to IT security to gain compliance status.

"This reinforces the need for the CSO to be not only a technologist but also a good communicator, who is able to interact with people outside the IT department. We see many misconceptions about the importance of risk management in the marketplace," said Ulrich Weigel, director of security products for NetIQ.

"It is imperative that they are able to communicate at senior board level that security is no longer just a cost item on the P&L, but that it can actually differentiate them from their competitors and win them new business."

The results reveal a lack of readiness of companies to meet compliance goals despite being their most critical security issue ahead of business continuity, data leakage and protection against viruses and spyware.

The survey was conducted by EMedia and questioned 218 security and IT managers about their company's readiness and views on compliance and risk management.

Other survey findings pointed to a lack of co-ordination between the IT department and the rest of the business, as 29 per cent of IT security managers felt that their company's security policies were sufficiently integrated with the rest of their business objectives.

Furthermore, 57 per cent of them felt that internal staff didn't understand the legislation that affected their business.

These findings confirm similar results from a report titled What's Top Of Mind For European Security Managers? by analyst firm Forrester Research.

"CSOs/CISOs have traditionally been IT people focused on technology, but the job is shifting to focus more on business risk management," said Thomas Raschke, an analyst at Forrester Research.

"We are currently in a time of transition, one that can make CISOs with less business-side experience acutely uncomfortable. In the interim, legacy CISOs and other security managers still struggle with gaining visibility and influence within the business."

Enjoyed this article? Help spread the word:

Comments

Reader comments for this story
Post your comment Post your comment   What is this?

Also read

Related articles

White papers

Related jobs

Most read

Most commented

Special Reports

Latest

Spotlight

Richard Atkinson, FD of All England Tennis Court

Profile: Richard Atkinson, FD of All England Tennis Club

As Wimbledon reaches a heady climax, the FD of All...

PwC 10-year anniversary special report

Relive how the controversial mega-merger of Price Waterhouse and Coopers...

Make partner fast with YP

The latest edition of Young Professional features our definitive guide...

Find your next job

Find your next job
  • Solve your clients debt problem with a ClearDebt IVA
Salary Checker

Newsletters

Sign up here for the very latest news delivered to your inbox. Choose from the following options:

Search white papers

Search white papers

Have your say

THE BIG QUESTION: IS YOUR JOB AT RISK?
Has the credit crunch made you fear for your job?
Yes, my company says jobs will go
Maybe, if things get worse, I could be hit
No, business is quite stable

Job of the week

More finance jobs...

Your next job