More than three-quarters of security professionals have an information security risk plan in place, yet only 14 per cent are very confident in it giving them a complete, concise picture of their security and risk state.
In a survey of 500 attendees at the Infosecurity Europe 2012 conference by HP, 79 per cent of respondents said they had such a plan, but only 14 per cent had confidence in their solutions' ability to inform them of the state of their security and risk.
Also, 90 per cent said they had governance mechanisms in place to drive user behaviour and monitor adherence, but 43 per cent were not confident that they have visibility of risk within their organisations.
Jennifer Lake, security product marketing manager at HP DVLabs, said: “These results indicate that security professionals are not as aware as they think about the real state of their security, or what they should be doing in order to protect themselves from ever-developing threats.”
The research also found that 60 per cent of respondents felt that cyber attacks have increased over the past 12 months, with a further 75 per cent believing attacks will increase again in the next six months.