UK firms at risk over attempts to manage IT security in-house

Information Technology (IT) services and solutions specialist Unisys’ latest survey on the challenges of managing enterprise level security risks suggests that 72% of corporate concerns now employ a dedicated IT security manager to look after network and data security.

The independent survey of 300 enterprise security IT managers from large public and private sector organisations reveals that 80% of IT departments concentrate on managing all security requirements in-house, with 88% of respondents citing loss of control as the leading barrier to outsourcing. Managing security updates and systems integration are a concern for 50% of IT managers, while 34% feel that a lack of in-house expertise actively constrains any current or future IT security initiatives.

In investigating how the primary UK corporations are approaching information security risks, the Unisys research also reveals that the corporate security agenda is currently being driven by the threat of virus attacks. 64% of respondents stated that this is the case. Unauthorised system access is foremost in the minds of 53% of those managers questioned.

Of those organisations surveyed, 49% are now using the strength of their IT security systems to build customer trust, while 35% believe that the biggest threat from security breaches is to their stakeholder relationships. In addition to loss of control, the perceived risk to the organisation is a significant barrier preventing clients from procuring any form of outside help and expertise.

Commenting on the research, Bart de Maertelaere – Unisys partner and global infrastructure services security specialist for EMEA – told SMT: “Today’s security and IT managers are aware of security threats affecting their business, and understand the importance of securing their corporate network and protecting company data, yet our research has shown that two-thirds of companies are still resisting the need to outsource certain elements of their security strategy.”

According to de Maertelaere, organisations who lack the necessary resources are placing themselves at risk by attempting to manage all of the constantly evolving security threats in-house, rather than gaining insight and understanding from a third party with specific expertise in the field.