UK manufacturers are struggling to enforce IT security policies, with 50% of IT managers in large organisations blaming colleagues as the biggest current security risk.
That’s among key findings of a study commissioned by risk management and information security expert DNV IT Global Services. It also reveals that four out of 10 IT professionals can’t remember their last security briefing, while one in five claim never to have been briefed.
Its central conclusion: UK organisations are exposing themselves to the risk of a security breach from staff error mainly because they are not adequately operating and enforcing information security procedures.
The survey, carried out among 100 IT managers in companies employing more than 1,000 people, also finds evidence of a continuing security policy disconnect between C-level execs and the wider workforce – despite most organisations operating IT security programmes. One in six respondents cited failure of leadership by their C-level execs as their organisation’s weakest link.
Says Mike Loginov, managing director DNV IT Global Services: “Companies are certainly making considerable efforts to implement organisation-wide security programmes. However, they are struggling to deliver adequate security awareness training and adherence to processes that mutating security threats demand.
“In particular, company management appears to be failing to properly develop policy or to drive through vital assurance procedures. This is resulting in key functions like IT becoming sceptical about security, or even becoming detached from processes that they should be playing a leading role in enforcing.”