Despite continual media reports on viruses and vulnerabilities, 44% of UK Financial and Insurance institutions surveyed admitted to having suffered an IT/system attack or virus within the last year, with a further 17% unsure if they had been affected. The latter was in line with another of the survey’s findings that indicated 73% of respondents rated their awareness of IT security issues as low to medium.
Over the past month, Integralis has toured the UK with its Information Security seminars, visiting 11 cities and surveying board level and senior management representatives from 190 companies and organisations. The questions sought to uncover the perception of outsourcing IT security and its popularity, the awareness of security issues in general and the extent to which businesses had been affected by security issues over the previous 12 months.
“Security is still cited as a key business issue in many surveys, yet our findings show that companies are still leaving themselves open to attack,” commented Paul Godden, managing director at Integralis. “Viruses and worms such as Code Red and Nimda are still causing problems for IT systems, but add to this the threat of network vulnerabilities in the face of an increasing dependence on the Internet and it is clear that businesses must re-consider their approach to IT security issues. The implementation of acceptable use policies and increased levels employee awareness through education provide a strong platform for future development.”
One of the ways in which businesses can lower the level of risk that they face is to outsource IT security needs to a third party, which 71% (against a national average of 60%) of respondents highlighted as an important issue within their sector. On the flip-side, however, only 28% of Financial and Insurance institutions are actually using managed security services to help them reduce their level of vulnerability.
“Certain sectors have faired better than others, but this should be no cause for complacency,” continued Godden. “Security is a utility service for many organisations and, as such, often companies do not have skills in-house to maintain security. For them, selecting a managed security services provider can help to remove the burden of direct responsibility, allowing them instead to focus on generating revenue through their core business processes.”