Failing security threatens FTSE100 firms

They've got the prestige, but have they got the security?

Shareholders in some of the UK's most prestigious companies may be horrified to hear that only 16 per cent of FTSE100 firms employ a properly qualified, dedicated security specialist to safeguard their systems from cyber attack. These findings have caused one IT training organisation to hit out at what it calls "boardroom apathy" regarding the issue of security, with too many CEOs adopting an 'it couldn't happen to us' attitude. Despite a recent spate of high-profile virus attacks, and the constant threat posed by hackers, companies still appear to be leaving a lot to chance - a stance which Robert Chapman, co-founder of The Training Camp, who conducted the survey, says displays a worrying level of "ignorance". Chapman told silicon.com: "It's really worrying and it should certainly be worrying for these companies and those who are investing in them. You would never hear about a large company which doesn't have a designated legal specialist or accountant, but security is something which companies don't seem to take as seriously as other issues." Chapman also expressed concern about the limited take-up of the 'gold standard' security qualification - the Certified Information Systems Security Professional, or CISSP - within FTSE100 companies. "I don't know if this is just a case of UK plc lagging behind again, but in the US the position of chief security officer is now far more common than in the UK and CISSP qualifications are also more common." "It is stunning that a large number of FTSE100 companies don’t employ a dedicated professional with the right background and top-level accredited certification," he added. Chapman warned that it will probably take a "fall guy" - such as a big bank or insurance company - to be hit by a major breach before UK companies "sit up and take notice".