Business and security still at odds

Businesses and the individuals charged with protecting enterprises from malicious code and cyber attack are failing to communicate, with firms being left unaware of their levels of risk or the potential for their operation to be adversely impacted.

According to research from nCircle, which interviewed 1,800 CIOs, CSOs and IT directors, 65 per cent of UK respondents had no idea whether their exposure to risk is increasing or decreasing.

Furthermore, 69 per cent of respondents were unable to generate network vulnerability and risk data.

Similarly, issues which should unite the business and its IT are continuing to fall down the gulf between the two. More than half (55 per cent) of UK respondents said they are unable to manage internal policy compliance.

Separate research from the Economist Intelligence Unit revealed that only 40 per cent of companies regularly brief the board on emerging threats which will impact their levels of operational risk.

This church and state division between the business and IT is something which has been recognised as a factor limiting the growth of companies in the UK and creating huge inefficiencies.

Speaking yesterday at the silicon.com CIO Forum, Jason Hart, head of security at White Hat, said: "The day I see information security being driven from the business will be so refreshing."

Hart added that the business must address the issue of information security and not leave it in the hands of techies who will happily run it in isolation from the rest of the business and will favour "the latest gadget" over strategic decision-making.