According to a recent international on-line security awareness audit, companies are still failing to tackle their information security risks

The Security Awareness Index (SAI) showed that organisations are not investing sufficiently in developing and implementing security policies to protect their information assets, nor in training and educating staff.

  • Almost 50% of the 1348 employees questioned said that they had never received any formal security awareness training
  • 10% said they had never read any of their company's security policies
  • 25% had not read their company's security policies in the last two years, and said that the document was not readily available
  • 60% exhibited an inadequate level of security awareness
  • Almost 90% would open or execute a dangerous e-mail attachment, ranging from a simple Word file to all-powerful VB scripts and binary executables
  • 70% of companies admitted not following up cases where staff had not signed a statement to say they had read and understood the security policy
  • Two-thirds of security managers feel the overall level of security awareness in their organisation is either inadequate or dangerously inadequate.

The Information Security Awareness Index is divided into two parts. Firstly, it asks chief security officers questions to determine how companies rank in implementing policies and procedures. Secondly, it allows the same officers to test employees' actual knowledge and awareness by e-mailing a survey to any number of employees. It then compiles responses to produce an SAI Security score that compares their security awareness with others in the same industry as well as all respondents.

To participate in PentaSafe's Security Awareness Index or to buy the results of the survey, visit