Information security is still regarded as a technical issue left to the IT department, with up to 40 per cent of organisations not even bothering to investigate breaches, according to an Ernst & Young survey.
The 2002 Global Information Security Survey, which interviewed 450 CIOs, including 22 IT executives in Australia, found only 40 per cent of respondents were confident they could even detect a systems attack.
Just as alarming is that only 53 per cent of organisations had business continuity plans; the survey was undertaken after September 11.
The main causes of business interruption failures were cited as hardware or software failure (56 per cent) and telecommunications failure (49 per cent).
According to the report, "evidence abounds about the number of IT-dependent businesses without tested business continuity plans which fail to survive a disaster; even with plans in place they may not be effective because they have been developed in isolation from the business or have not been tested."
Organisations claim employee awareness is a serious barrier to achieving effective security, and more than half had trouble sourcing internal security skill sets.