Security still not on the agenda for IT directors

NEWS IT directors are still not taking security seriously, despite the recent spate of viruses and growing concerns over hacking, web fraud and cyber terrorism. According to the latest research, only half of all IT directors have a security policy in place - and of those that do only 60 per cent have any compliance programme to check the policy is adhered to. The research comes from global outsourcer CSC, which interviewed 1,000 IT directors across the world. Bill Pepper, director of security risk management for the firm, said: "Although this survey shows things are slowly getting better, there are still a lot of companies doing very little. "The economic downturn means companies are not spending as much as they should, despite the fact that in tough times the risks are actually greater." Pepper said the likelihood of attacks from disgruntled ex-employees is now higher than ever before, as is as the risk of industrial espionage. CSC's findings were echoed by others in the industry. Phil Ryan, chair of the Security Forum and a Nortel Networks consultant, said management 'short-termism' was to blame. He told silicon.com: "Since 11 September senior executives have been paying lip-service to IT security, but if they don't follow this through with action it makes the situation worse. "Since the downturn I've seen security people being laid off left right and centre, because in a tight economic environment, they just don't add to the bottom line." Andrew Yeomans, VP of IT security for Dresdner Kleinwort Wasserstein, said that while security is given priority within the banking sector, elsewhere in the industry it is a different issue. He said: "IT managers find it very hard to provide an appropriate level of response to the problem. However once they start realising how much their lack of spend will cost them when they're cleaning up after Nimda for example, things will have to change."