More than half of UK businesses do not have processes for managing security issues and complying with legislative directives.

Fifty-one per cent of surveyed IT and security managers doubt their companies' readiness for compliance with legal changes such as the global PCI credit card security standard and in-coming European regulations liberalising the region's financial markets (Mifid).

A further 40 per cent said that upper management were paying lip service to IT security just to gain compliance status, says the NetIQ report published today.

Just less than a third (29 per cent) of respondents said their companies' business objectives are not aligned with security policies, and 57 per cent said that internal staff do not understand the legislation that will affect their operations.

Risk management requires companies do more than simply investing in the relevant technology, says NetIQ security products director Ulrich Weigel.

'Policies and procedures must be relevant and integrated with the company’s business and objectives,' said Weigel.

'It is imperative that IT and security managers are able to communicate at senior board level and that security is no longer just a cost item on the balance sheet,' he said.

The EMedia survey for NetIQ questioned 218 security and IT managers across the UK.