The Impact of IT Security Attitudes

Putting the pieces in place for effective security delivery

Published August 2008

One of the issues with reading about IT security is an overwhelming feeling of, “Haven’t we heard it all before?” There is always plenty that can go wrong, and everybody loves a good story about a high-profile failure, a fact only too clear to the vendors of certain security products.

It’s somewhat troubling that both individuals and organisations are far more likely to spend on security in the period following a major incident: no doubt there are some deep-seated psychological reasons why in general, humans fail to deal with the risks or their consequences in advance.

The perhaps unsurprising, if a little unsavoury, result is that security vendors and their representatives often choose to maximise the publicity around negative events.

In this study we wanted to cut through the hype and determine the kinds of things that do actually make a difference to the levels of risk organisations face. The study gathered insight from 1,102 IT professionals.