Firms 'must re-examine' IT security governance

Companies are not responding adequately to IT security threats, according to a new report, potentially putting infrastructure and customers at risk.

The Deloitte Touche Tohmatsu (DTT) 2009 Consumer Business study found that executives in consumer organisations are not focusing their strategies on the right areas.

Based on the view of IT executives and information officers from global companies, the report found that 53 per cent of organisations do not have a security governance structure in place.

Just ten per cent of respondents were prioritising the management of 'insider threats' to security, while only nine per cent had an enterprise-wide, proven business continuity plan in place.

"Our study found that the industry needs to re-focus its information security efforts to best respond to increasingly sophisticated and innovative threats," said Adel Melek, global security, privacy and resilience leader at DTT.

The report also revealed what it called a 'last one to adopt' approach to security technology, with 52 per cent of organisations sticking with established security products.