In IP EXPO’s 2011 security index survey which was conducted among IT professionals from businesses of all sizes and sectors on behalf of Imago Techmedia and the IP EXPO show organisers.

Respondents to our survey overwhelmingly agreed that IT security should not be viewed as an isolated activity, but would best be treated as an integrated part of businesses’ entire technology reviews and processes,”

said Mike England, Social Business & Content Director at IP EXPO event organiser Imago Techmedia

The key findings include:

  • 70% said they believed security would be best considered collaboratively and routinely across all aspects of ICT
  • 47% said they believed their own organisations needed more security-related collaboration between different ICT disciplines
  • 44% of respondents stated that at least a quarter of their jobs involved IT security.  For 23%, security took up more than half their time
  • 23% of respondents said that their approaches to compliance compromised their security
  • 26% said mobile devices such as smartphones and laptops posed the highest risk of data loss to their businesses.
  • 18% said memory sticks being used for data theft posed the highest risk to their businesses
  • 18% of IT pros say their businesses may not survive the consequences of a major security breach
  • Nearly one-fifth of IT professionals fear their businesses may never re-open for business or would fail shortly after a major security breach
  • 68% said they viewed IT security as “a necessary evil”

CSA UK & Ireland President Des Ward commented on the results of the survey:

Lack of collaboration and a perceived disconnect between security and business would explain the view of security being deemed ‘a necessary evil’, or even a cost of doing business online and consequently having little real business value. Businesses need to evolve beyond compliance risk management to information risk management in order to implement strategies that reduce the likelihood of breaches occurring, while at the same time affording a level of business agility fitting today’s interconnected society,” he suggested.

Of the main findings, Nigel Stanley, security practice leader at Bloor Research and IT Security Pathfinder at IP EXPO, said:

What’s clear is that even if someone’s job doesn’t directly involve security per se, everyone needs to be actively engaged in dealing with the problem.  And the way that businesses are going about it is encouraging, because security management needs to be a two-way process with the users actively engaged in the process.  Generally, taking compliance steps should enhance an organisation’s security – unless of course it is doing just enough to tick the boxes but failing to see the broader benefits of building a compliant business.  However, reducing security posture to achieve compliance is bonkers.

The IT security industry has been left wanting in respect of the consumerisation of IT that’s been fuelled by smartphone adoption.  Only now are we starting to see management tools for these devices, so it’s no surprise that these have been identified by respondents as the biggest risk area,” he commented.

IP Expo will be in london on the 19th and 20th October 2011.