Companies do not evaluate the effectiveness of their security policies.
The results of a recent survey from dns and PwC has shown that almost 30 per cent of companies have failed to either review or measure the effectiveness of their security policies in the last year.
The survey, which polled 7,000 IT executives, comes in the wake of falling confidence in data and identity protection as few have any solid confidence left in suppliers or business partner's security.
Natasha Bolton, head of assurance services for dns said: “The growing difficulty in securing and managing data effectively has left a big void in customer confidence. It's understandable that in light of continuous stories of lost data, breaches and mishandling, customers are increasingly under the impression that companies are unsure about how to look after sensitive information.
“With a number of companies yet to develop a risk profile, some organisations are leaving security policies to chance. To combat this apparent lax attitude, companies will need to implement a business led approach to data security, as information assets are critical investments.
“Firms are still yet to realise that as well enforcing security policies and educating staff, companies need an effective system to manage the process 24/7. It is vital that companies work together with third party security experts, as their knowledge and experience will allow them to develop a security policy which balances operations with security needs and compliance.”