Over half of companies are more worried about their own employees turning rogue than about external cyber-threats, a survey said.
While cyber security is a global issue, this survey, conducted by IT Governance, wanted to show how company directors and board members currently perceive IT security issues. Most of the respondents in this survey are from the UK, are IT professionals, and work for tech and financial firms, telecoms, and the government/local authorities. It does give a regional snapshot on some security issues.
A quarter of the 260 respondents said their organization was the target of a concerted cyber attack in the past 12 months. However, the true total may be higher, as over 20 percent are unsure whether their organization has been subject to an attack.
Despite that, over 40 percent of respondents said their company is either making the wrong level of investment in information security or that they are unsure if its investment is appropriate.
And it doesn’t help that reports on the status of the organization’s IT security often get delivered once a year or at even longer intervals, or that in 30 percent of the cases board-level job candidates are aware of and understand current IT security threats.
The good news is customers are beginning to take the company’s security credentials into consideration when choosing their suppliers. Seventy-four percent of respondents said their customers prefer dealing with suppliers with such credentials, while 50 percent said customers asked their company about its information security measures in the past 12 months.
Despite all this, compliance with the ISO/IEC 27001 security standard is not high (around 35 percent) among the companies whose employees and managers were polled.