The survey, conducted by IT Governance, set out to shine new light on how company directors and board members currently perceive IT security issues. Most of the respondents are from the UK, are IT professionals, and work for tech and financial firms, telecoms, and the government / local authorities.
A quarter of the respondents said that their organization has been the target of a concerted cyber-attack in the past 12 months. However, the true total may be higher, as over 20% are unsure whether their organization has been subject to an attack.
Despite all that, over 40 percent of them say that their company is either making the wrong level of investment in information security or that they are unsure whether its investment is appropriate.
And it doesn't help that reports on the status of the organization's IT security are often delivered only once a year or at even longer intervals - or that in only 30 percent of the cases board-level job candidates are aware of and understand current IT security threats.
The good news is that customers are beginning to take the company's security credentials into consideration when choosing their suppliers. 74% of respondents say their customers prefer dealing with suppliers with such credentials, while 50% say their company has been asked about its information security measures by customers in the past 12 months.
Despite all this, compliance with the ISO/IEC 27001 security standard is not high (around 35 percent) among the companies whose employees / managers have been polled.
The UK-based consultancy has also offered a few tips on how to help your company turn negatives into positives, reduce risk and improve compliance and knowledge.