Many companies are failing to protect themselves adequately against the risk posed by cyber-criminals, according to international research by the Institute of Risk Management. To help risk managers, the IRM have produced a guide to the subject.
A global survey of IRM members revealed:
- Although 82% of organisations surveyed had an information security programme, less than half also looked at the security practices of their supply chains.
- Over 90% of organisations were allowing staff to use mobile devices for business use, but less than 40% required formal security configuration of these devices.
- Nearly 40% of organisations reported using some sort of cloud-based facility, but one third of these had not yet developed a security policy in respect of their use.
- Of those surveyed, 20% of organisations undertook no information security training.
- Access to social media varied widely, from the 20% of organisations that operated a complete lockdown with no access permitted from any business devices to the 9% who had no restrictions at all.
- 10% of respondents reported that at least one breach of their online systems had taken place in the last three years, with consequences ranging from regulatory fines to compensation costs, share price falls and reputational damage.
A summary of the report is available at http://theirm.org/CyberRisk.html.