All organizations face a range of threats that have been around – and getting progressively worse – for a number of years. Few organizations have taken adequate steps to deal with them. A conclusion of the CBI Cybercrime Survey 2001 was that ‘deployment of technologies such as firewalls may provide false levels of comfort unless organizations have performed a formal risk analysis and configured firewalls and security mechanisms to reflect their overall risk strategy.’

Unless the organization actually has a risk strategy, it’s not going to be able to ensure that its cyber defences will meet its requirements.

The magazine Information Security carried out an online survey of 2,545 ...