More than eight out of 10 U.K. businesses are at risk because their security controls are "fragmented," new research has revealed.
A survey of 99 senior risk management professionals across industrial sectors, conducted by Atos Consulting and the National Computing Centre, found that controls were fragmented in 84 percent of organisations.
Only 7 percent of respondents felt that governance and management controls were fully integrated in their organisations.
Risk management is seen as a priority at the top of organisations, the survey confirmed. More than 70 percent of companies reported an increased level of attention to risk management and security at the head of IT level, with half saying there was a greater focus on these issues at board level. Four out of 10 said they were expecting an increase in the risk management budget in the coming year.
But the research found that only 16 percent of companies had a chief information security officer, and that security in areas such as human resources was often not under their control or oversight.
In the survey, 55 percent of respondents said the security and information risk function had no responsibility for HR, while 75 percent said one of the biggest threats to the integrity of business controls came from within their organisations.
Mark Jones, head of risk management and security services for Atos Consulting, said: "Organisations need a single approach to risk management in order to efficiently and cost effectively protect the company's reputation.
"The survey specifically reveals that the HR function within companies should have a more clearly defined role regarding enterprise risk management policy and enforcing employee adherence, particularly given the recently-reported issues regarding sensitive information on stolen laptops."