IT Pros Not Satisfied With Security Plans

In a survey, 30 percent of information security pros said their companies lack adequate security plans.

Despite a year of unrelenting talk about the specter of cyberterrorism, 30 percent of information security professionals responding to a new survey said that their companies dont have adequate plans for dealing with security and cyberterror issues.

And, nearly 40 percent said that their companys security policies and plans are not regularly reviewed by senior management.

These results highlight the fact that many executives still dont consider security to be a critical part of their companies strategic plans, despite the continued increase in both the number and severity of attacks on corporate networks. Experts say the responses also show a dangerous level of naivete on part of some of the security professionals polled.

"The real mindblower here is not that 30 percent of people think their company wouldnt be able to withstand an attack—it is that 70 percent think they could," said analyst Pete Lindstrom, of Hurwitz Group in Framingham, Mass. "I would rather have any of the 30 percent working for me than the 70 percent who are comfortable."

The survey included several questions about whether or how security policies and budget priorities have changed since the terrorist attacks last fall.

One of the more interesting findings from the survey is that 48 percent of respondents said last years terrorist attacks had no effect on their level of concern about the impact of cyberterror on their organizations. And, an equal number said their companies had not changed their resource allocations for information security in the wake of the attacks.

This, experts say, points up the fact that many organizations do not take the threat of a large cyberterrorism event or hacker attack very seriously.

"Information security needs to be a top priority for any successful business, from the executive level to the IT manager," said Dave McCurdy, executive director of the Internet Security Alliance in Arlington, Va.

The survey, conducted by security audit firm RedSiren Technologies Inc., the Internet Security Alliance and the National Association of Manufacturers, polled 227 security specialists in several regions around the world.

Related Stories:

  • Rebuilding for Tomorrow
  • More Security Coverage