A survey conducted by IT security and automation firm Tripwire and research house Ponemon Institute quizzed 1,320 professionals from IT disciplines in the UK and US about their approach to risk based security management.
When asked about their commitment to managing risk, 77% rated it as significant or very significant, while 59% said that having one aligns security programmes with business objectives.
However, 51% of organisations admitted they had no security posture in place, while 61% said their leader had no involvement in the business’s risk management strategy. And only 27% said they were operating a risk management strategy across the business.
Dr Larry Poneman, chairman and founder of the Ponemon institute, said: "The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task.
"Unfortunately, the full value of a risk-based approach to security can only be realised when senior business leaders fully participate in the process," he said.
Elizabeth Ireland, VP of product marketing for Tripwire, said there was a gap between businesses’ commitment to risk management and how they are actually operating.
"This could be because many organizations haven’t fully connected the importance of their cyber security program to their top-level business risks in spite of the rapid increase in cyber security threats," she added.
