Over half of CIOs fail to test cloud vendors' security systems and procedures before selecting the provider, according to a survey of 250 senior IT decision-makers.
The research, conducted by IT recruitment consultancy Robert Half Technology (RHT), polled CIOs and IT decision-makers in the UK public and private sector.
Although 84 per cent of senior IT decision-makers claimed that they were concerned or very concerned about the risks associated with IT security breaches, 55 per cent of CIOs have not tested cloud vendors' security systems and procedures.
Worse still, more than one in 10 of the CIOs said that they are not taking any proactive action to address cyber security.
Phil Sheridan, managing director of RHT, said that many CIOs are left with no choice but to migrate to the cloud to ease the burden on IT budgets, regardless of the subsequent security risks.
"Looking towards 2013, CIOs are charged with juggling multiple priorities, with regulation, integration and migration projects putting additional pressure on busy IT departments. But the risks of not migrating to the cloud, notably the achievement of significant cost reductions, may outweigh the potential security risks that concern IT executives. Budgets continue to be stretched and any potential cost savings that IT can deliver will be welcomed throughout the business," he said.
Computing research* has found that firms have several concerns about moving to the cloud. These include data security (77 per cent of firms), legal issues around where data will be stored and who will have access to it (48 per cent) and the reality of moving equipment offsite (46 per cent).
With the Information Commissioner's Office (ICO) able to fine organisations up to £500,000 for a data breach, Ryan Rubin, UK director of risk consultancy Protiviti, believes that ensuring data stored in the cloud is safe is of greater concern than the cost benefits of moving to the cloud alone.
"Since an increasingly higher percentage of IT security breaches involve third parties, gaining assurance from cloud providers is critical to managing information security risk. Whilst companies may migrate IT towards cloud providers in an attempt to reduce costs, they cannot outsource their information security risks. Unless adequately managed, the cost of security breaches – either regulatory and/or legal – may outweigh the perceived benefits of moving into the cloud," he said.