Half of all IT managers do not know if their organisation has an information security policy in place.

Businesses are still leaving themselves exposed to potentially devastating security breaches, according to PentaSafe Security Technologies Ltd. Its claim is supported by findings from a recent MORI survey, which highlighted the fact that over half of the IT managers interviewed did not know if their organisation had an information security policy in place. Another recent report by the Department ofTrade and Industry, supported MORI's findings, showing that only 14% of companies have implemented a security policy. PentaSafe is urging organisations to consider information security as an operational issue, rather than merely a responsibility of the IT department.

"The results of these surveys should shock the senior management of any company. Information is the lifeblood of the business world, and so measures to protect it should be a top priority for senior management.

Furthermore, directors are legally responsible for ensuring that measures have been taken to protect sensitive company information. For that reason alone, the whole issue of security must now be elevated from the IT department and into the boardroom," said Malcolm Skinner, PentaSafe Security Technologies product marketing director.

The DTI report also draws attention to the fact that an organisation is at great risk from its own staff, from disgruntled employees who deliberately set out to destroy or damage data, to staff who accidentally make an error which affects the company's information security. Similarly, external hackers still remain a real threat to organisations, as the recent high profile hack-attacks prove. Last year, hackers cost businesses $1.6 trillion according to PricewaterhouseCoopers.