According to Preventsys survey of 385 IT executives on IT security measurement, 58% of respondents indicate they measure security through manual reporting, relying on spreadsheets and email to track, report and share information. 4% have an entirely automated process for security reporting, while the remainder used a mixed approach. 10% of IT security executives claim that their company's security measurement practices are "very effective", while 15% admit they are "ineffective" and 36% "don't know." 39% claim their practices are "effective." When it comes time to present those security metrics and reports to the executive team, a whopping 58% of respondents do so only when asked, followed by 18% reporting monthly, 14% weekly and 10% reporting just four times per year.