Firms Ignoring IT Threats, Study Says

Organizations across the globe are failing to educate their employees when it comes to IT security threats, leaving companies vulnerable to attack by viruses and worms, according to the results of a recent survey released by Ernst & Young late last week.

In an article on Internetnews.com, writer Sean Michael Kerner says E&Y surveyed 1,233 organizations from 51 different countries for its “Global Information Security Survey 2004.” The survey found that only 28 percent of global respondents said “raising employee awareness” was a top initiative in 2004, despite naming “lack of security awareness by users” as their top security obstacle.

"Perhaps the remarkable thing is how little attitudes, practices, and actions have changed since 1993 – during a period when threats have increased significantly," the report states. The survey also found that only 20 percent of organizations view IT security as a CEO-level priority.

60 percent of respondents, according to the survey, said employee misconduct involving information security was a high-level concern for their organizations over the next 12 months. Additionally, it was found that the number one cause for business system outages was hardware failure at 72 percent of which 87 percent originated within the organization itself.

"While the public's attention remains focused on the external threats, companies face far greater damage from insiders' misconduct, omissions, oversights, or an organizational culture that violates existing standards," Edwin Bennett, global director of Ernst & Young's Technology and Security Risk Services, said in a statement.

To read the full article, click here: http://www.internetnews.com/stats/article.php/3412331