If a week is a long time in politics, then 24 hours is an absolute age in ecommerce security terms. Which makes the findings of a Tripwire survey, published today, all the more worrying.

The survey, conducted by Atomic Research, questioned 102 financial organizations and 151 retail organizations which process card payments in the United Kingdom. It has concluded that 35% of organisations take two or three days to detect a breach, with 44% admitting they could protect customer data better.

This gets more worrying when you realise that 24% had already been victims of a data breach which saw Personally Identifiable Information either stolen or accessed, and 36% of those asked said they didn't have confidence in their incident response plans. With only 51% being 'somewhat confident' that the security controls they have in place are capable of detecting malicious applications, you might think this would be a serious cause for concern for the organisations concerned. Yet an incredibly high 40% of them simply refused to believe that all those recent, and very high profile, card holder breaches we have been reading about have changed the opinions of high level executives when it comes to security strategy.

Tim Erlin, director of IT security and risk strategy for Tripwire, which sponsored the report, calls it shocking that there is such a high level of confidence exhibited by respondents. "60% of respondents said they are confident that their security controls are able to prevent the loss of data files," Erlin says, continuing, "but this confidence flies in the face of recent evidence to the contrary."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
