A third of organisations have no one specifically in charge of data security

Nearly two-thirds of IT professionals consider distributed denial-of-service (DDoS) attacks to be a low threat, while 72 per cent anticipate no change in the threat they pose.

According to a survey of around 2,500 business IT senior executives, 65 per cent see it as a low threat. Speaking to SC Magazine, Ray Welsh, head of marketing at The Bunker, which conducted the survey, said this could be a result of not taking a DDoS attack seriously and the fact that it is not a theft of data; he added that the figure was "surprisingly low".

He said: “I have dealt with IT departments and people hear about them, but I ask are they aware of them? We provide services and see a lot of DDoS attacks, but you can wrap it up so alerts go off when one happens and you move the IP address to a safe place.”

A question was asked if security news from 2011 had made the respondents' organisations more aware of the need for data security; 67 per cent said yes, and 25 per cent said no. However, another question – "Did the security breaches last year cause your organisation to increase data security measures?" – was answered negatively by 48 per cent and positively by only 44 per cent.

Welsh said: “In a survey you get different responses and understand how people deal with IT. Given that 2011 [featured] the highest amount of security risks, we find that businesses are aware of the first step but are not aware of how to do something about it. The first step is to become more aware of security.

“I think it is the attitude of not knowing what to do, and there is the attitude of ‘we ought to do something' but often it is someone else's job so you do not know where to start.”

Also in the survey, 32 per cent said the IT director was responsible for data security, 27 per cent cited the CIO, and the rest (41 per cent) named a combination of the facilities manager, HR manager, managing director and other staff.

“This is good, but the concern is those who do not have anyone [taking sole responsibility],” Welsh said.

Sign up to our newsletters