Despite growing concern about data breaches, 51 per cent of IT professionals surveyed by network security vendor nCircle said their organisations do not have clear consequences for policy violations.The results highlight the challenges in creating and implementing a comprehensive security policy, according to Andrew Storms, nCircle director of security operations.
"It's interesting that these results are nearly evenly split," said Storms, noting that a minority (49 per cent) indicated that their organisations have clearly stated consequences for policy violations.
"This reflects the challenge of maintaining a corporate policy that matches a continuously changing threat environment. It also reflects the challenge of applying that policy when every infraction involves a different level of risk and a wide variety of human factors."
Stoms, in a news release, said the results give some reason for hope.
"The fact that nearly half believe their policies do indeed have 'teeth' and are enforceable seems to demonstrate that organisational commitment to maintaining stringent security policy and meting out appropriate consequences is increasing."
The San Francisco-based vendor surveyed 113 IT security professionals between 7 May to 16 Aug.