Sometimes I am not sure if I should be banging my head against the desk because of surveys that ‘reveal’ the obvious, or because there are businesses out there providing the ammunition for such research by refusing to remove their heads from their collective arses. Today I am leaning towards the latter as I read the new KPMG e-Crime report.

The survey itself was of 200 senior security decision makers, although I have to say that description seems almost laughable given the results, from global businesses including a bunch of FTSE 100 listed outfits. Here’s why my head is so sore, in a nutshell:

41 percent of those surveyed admitted that a lack of knowledge regarding potential vulnerabilities was leaving them open to attack, and a staggering 51 percent went on to state that they aren’t aware of any strategy for dealing with e-crime risk within their business.

Come again squire, say what? Can I just repeat myself and point out that these are meant to be ’senior security decision makers’ from FTSE 100 listed companies amongst others. No wonder there are so many high profile data breaches making the headlines, with numbnuts like that making the security decisions – or rather not making them by the looks of it. If you lack knowledge about the threat landscape, go learn it. If you are unaware about e-crime risk strategy, put yourself to the sword and let someone worthy of the job title take over. Simple.

But wait, it gets better. Well, worse, actually. Some 29 percent of those asked admitted they had invested in the cloud, and a further 65 percent in outsourcing, yet 69 percent agreed doing so presented the greatest security risk to their corporate data. Doh! With knobs on.

The main thrust of the report itself seems to be in order to highlight that 78 percent of IT security professionals in the UK do not have any insurance against the costs of e-crime. I’m not altogether surprised, the premiums would be sky high if the insurers realised what a bunch of know-nothings they were dealing with on the basis of this research at least. It would be akin to insuring a one-legged man against the risk of falling over if he tried to kick someone…