Firms unable to measure network security risk

September 29, 2005

New research has shown that over half of businesses in the UK and US are ill-equipped to calculate and report whether security risk is increasing or decreasing over time, despite this being their top concern.

“Clearly businesses on both sides of the Atlantic are still grappling with fundamental process issues when tackling vulnerability and risk management. If they’re unable to measure the scale of their exposure and its impact, they have no chance of meeting the security challenge effectively, and will remain hostage to hackers, Trojans, viruses and other malware,” said Elizabeth Ireland, vice president of marketing, nCircle.

The research found that most businesses in the UK and US are unable to classify network vulnerability and risk data by regions and business units. When asked about their ability to generate compliance reports, fewer than 20 percent can do so within a single day. Other respondents said they would need one week to three months.

“The foundation of good network security must be gathering comprehensive risk and vulnerability data and turning it into actionable intelligence based on the overall network risk and potential impact on the business,” Ireland continued. “This is the only way to reduce an organisation’s exposure in the long term; all other approaches rely on knee-jerk reactions.”

The research, conducted by nCircle, involved over 1800 IT professionals, Chief Information Officers and Chief Security Officers from UK and US companies.
