While 78% of large companies say their databases are "critical" or "important" to their business, 40% of them don't monitor databases for security purposes.

Those are the primary results of a Ponemon Institute research study released this week that surveyed 649 IT executives.


Ponemon's report, titled "Database Security 2007: Threats and Priorities within IT Database Infrastructure" also indicates that 57% of the IT executives surveyed admitted their organisations haven't taken "adequate measures" to protect against malicious insiders, and 55% acknowledged there had no "adequate measures" in place to prevent data loss.

Eighty percent of the surveyed IT executives said their organisations have more than 100 databases, primarily a multi-platform environment including Microsoft SQL, Oracle and IBM DB2.

The study, sponsored by Application Security, reported that 78% of the respondents have corporate IT budgets in excess of $30 million (£15.2m). According to the study, this segment increased spending for IT security from 17% to 23% of the total IT budget from 2006 to 2007. Smaller companies were said to have increased security spending from 14% to 18% of the total IT budget.

The top priority among the IT executives responding was not database security and monitoring for suspicious activity. The most critical priorities the IT executives cited for this year were upgrading existing applications, consolidating IT and improving efficiency.

In its conclusion, Ponemon stated: "Even in the face of frequent, expensive, and highly publicised breaches, respondents have not made protecting customer and employee information a high priority." The research firm added it considered its "observations are preliminary" and would do further research on the topic.