A majority of German top executives don't see any need for more data security in their companies, according to a survey by consultants Steria Mummert.
The poll, conducted in the second half of 2011 among 205 senior German executives, found that two-thirds of the board members interviewed felt their companies are doing enough to safeguard their data or may even be doing too much.
That point of view contrasts with the general views expressed by all of the executives - including CIOs - polled for the study. A majority of the sample was unhappy with the data security in their companies, either because they felt policies were too restrictive or not effective enough.
Steria Mummert found that about 20 pc of German companies considered their management and surveillance of IT security insufficient. About 25 pc, on the other hand, said measures undertaken in their companies were excessive.
Executives in the telecommunications, media and IT industries were in the latter group, while banking and public-sector executives would like to see more being done.
Steria Mummert said its findings show that company managers are unclear on standards that should be applied for data security. "This broad unhappiness with the status quo shows that companies don't have a clue how much control and surveillance can be accomplished and is appropriate," said Gerald Spiegel, a Steria Mummert IT security expert.
Control, monitoring and logging are essential elements to get compliance and security in IT, Steria Mummert said in a press release. It noted, however, that barely 20 pc of companies polled uses tools that automatically take stock of hardware and software or automatically analyze log data. A mere 17 pc use tools to automatically test IT security configurations and only 14 pc automatically test systems for vulnerabilities.
Said Spiegel: "A lack of resources often makes the continuous checking and monitoring of security-relevant parameters an unattainable vision."