In an article yesterday, a National Computing Centre survey revealed that 44 percent of IT decision-makers admitted they were not fully aware of IT standards and legal requirements, with 22 percent claiming complete ignorance of the issue! Once you include the significant portion of people who will have claimed full awareness even though they don’t have it, you create the alarming picture that about half the people who are responsible for IT are not fully aware of the laws and regulations they’re supposed to be complying with.
A similar survey of CEOs and Chairman, if it revealed that about half of them were not aware of their corporate governance obligations, would provoke outrage in the press and parliament. Considering the extent to which organizations are data-dependent these days, it’s about time that the board stepped up to its governance obligation where information security and IT governance is concerned – abdicating responsibility to the Head of IT is clearly not working as a strategy.
