A new survey from McAfee has painted a picture of growing patching confusion in European businesses, with over a third of those questioned having no idea how many patches had been applied in their companies in a six month period.

Fifty-eight percent had no idea how much patch deployment was costing them, while nearly half had no plan for prioritising which applications should get patches.

The company surveyed 600 IT decision makers across Europe, working in companies of 250 or more employees. Countries included were Germany, The Netherlands, Italy, France, Spain and the UK.

More than a quarter said it took them as long as two days to deploy a patch so that the vulnerability in question had been addressed, with a further 20 percent saying that the process took up to a week or longer.

The statistics for the UK were even worse. Forty-three percent of those asked from the country said they had no information on the number of patches applied in any six-month period, with 59 percent unsure of patching costs.

These statistics come against a backdrop of increasing compliance pressures, with patching a major element of meeting its demands. What is clear is that patching has become a major headache for companies even though it is still seen as an administrative task in some quarters.

“There were 5,198 reported vulnerabilities in 2005. Each of these vulnerabilities has the potential to wreak havoc on a corporate IT network,” the introduction to the McAfee report notes in slightly sensational terms.

More bothersome, forty-eight percent believed their businesses were never 100-percent protected from vulnerabilities, something that could apply even if they had been patched.