A survey conducted by IT security and automation firm Tripwire and research house Ponemon Institute quizzed 1,320 professionals from IT disciplines in the UK and US about their approach to risk-based security management.
When asked about their commitment to managing risk, 77% rated it as significant or very significant, while 59% said that having one aligns security programmes with business objectives.
However, 51% of organisations admitted they had no security posture in place, while 61% said their leader had no involvement in the business’s risk management strategy. And only 27% said they were operating a risk management strategy across the business.
Dr Larry Ponemon, chairman and founder of the Ponemon Institute, said: "The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task.