John Leyden reports on The Register that data theft and regulatory compliance have replaced malware and hacking as the top security concerns to businesses.

Vanson Bourne and Cisco conducted a poll of 100 enterprise IT security chiefs in UK companies. 38% of respondents place information theft as their top concern and 33% worry about regulatory compliance. In 2006, the top concern indicated was viruses, at 55%. Only 27% still consider viruses the top threat.

The survey suggests that internal threats from errant employees are increasingly a concern to security professionals. 43% of respondents are concerned with staff passing off or stealing confidential information and property. The focus has reversed from external threats to internal threats.

"In 2006, security concerns were focused on mitigating specific, typically external threats, but our research finds that security professionals are taking a more business-oriented approach in 2007," Cisco senior security advisor Paul King said. "They are concentrating on safeguarding the information at the heart of the business, regardless of the form the attacks may take or where they may originate."

Over half of the respondents expressed frustration in getting their concerns heard at the board level. IT security was not being considered a board-level issue in these cases. This poses a barrier to an effective security policy.

As security threats move inwards, it is increasingly important that security be a company-wide issue.

Tags: security, internal security, data theft, security professionals, it, it security, security training, security policy