Security threat posed by complacent IT chiefs

IT directors are putting their organisations in jeopardy with complacent attitudes to IT security according to a PricewaterhouseCoopers expert.

Chris Potter, partner for global risk management solutions at PwC, claimed IT people responsible for security seem unworried by security issues despite all the evidence pointing to huge rises in systems breaches and vulnerabilities.

He said: "There is complacency and large knowledge gaps. They say they are confident of their systems and then you ask them what they have in place and in many cases it's completely inadequate."

Potter pointed to figures from the latest benchmark Information Security Breaches survey by the DTI and PwC showing low adoption of security technologies but confidence that systems are under control.

He said: "61 per cent are confident in their EDI (Electronic Data Interchange) systems, but only 28 per cent are using digital certificates with them, only 25 per cent two-factor authentication. They think they have it sorted but they haven't."

While Potter also pointed to a "fundamental knowledge-gap" between security professionals and the board as a major reason why better security wasn't adopted, he said IT director complacency was just as big a factor.

Jeremy Butt, EMEA VP of security firm Watchguard, said it is true that many users wrongly believe they are covered against security threats. However, he added: "I do have sympathy with users, because keeping up with the changes is very difficult."