In addition, 75% of Asia/Pacific energy and utility organizations (excluding Japan) leave information security to their IT departments, rather than having a dedicated information security staff, the survey found.
The report found that 20% of these organizations do not align their security strategies with business objectives. In addition, most organizations surveyed take a reactive approach to management of information security threats.
The study attributed the poor information security practices to a lack of experience among these organizations in dealing with information security threats and limited security budgets.
"Most companies that we have surveyed recognized the need for security management. While this is a positive sign, less than 10% of these companies have security policies and strategies implemented. In many cases, even the basic control measures are nonexistent, making adoption of the latest technologies such as cloud computing risky", said Debashis Tarafdar, head for IDC Energy Insights Asia/Pacific.
To better protect their networks, IDC Energy Insights recommends that these organizations assign responsibility for information security to a C-level security executive whose job it would be to focus on information security policies and implementation of those policies, not on IT operations.