Despite a year of unrelenting talk about the specter of cyber-terrorism, 30 percent of information security professionals responding to a new survey said their companies don’t have adequate plans for dealing with security and cyber-terrorism issues.
In addition, nearly 40 percent said their companies’ security policies and plans are not regularly reviewed by senior management.
The results highlight the fact that many executives still don’t consider security a critical part of their companies’ strategic plans despite the continued increase in the number and severity of attacks on corporate networks. Experts say the responses also show a dangerous level of naiveté on the part of some of the security professionals polled.
“I was flabbergasted by the idea that there are 30 percent of the people who think they’re safe,” said Pete Lindstrom, an analyst at Hurwitz Group, in Framingham, Mass. “The goal in security is making incremental gains in your level of security year after year.”
One of the more interesting findings is that 48 percent of respondents said last year’s terrorist attacks had no effect on their level of concern about the impact of cyber-terrorism on their organizations. In addition, an equal number said their companies had not changed their resource allocations for information security in the wake of the attacks.
The survey, conducted by security audit company RedSiren Technologies Inc., the Internet Security Alliance and the National Association of Manufacturers, polled 227 security specialists in several regions around the world.