Many firms still not compliant with IT security needs
Fewer than half of UK companies have the necessary IT security systems in place to comply with new legislation such as the Payment Card Industry's Data Security Standard (PCI DSS) and the Markets in Financial Instruments Directive (MiFID), new research has warned.
The eMedia survey of 200 chief information security officers at top UK firms, conducted on behalf of NetIQ, found that most company bosses were merely "paying lip service" to new security standards. This was despite the fact that these people could be found personally liable for any damages claimed as a result of non-compliance with new IT security measures.
A total of 51 per cent of firms in the survey were found to still be without necessary PCI DSS and MiFID systems, while 57 per cent of respondents also admitted that internal staff did not understand how new legislation would affect their firms.
"This reinforces the need for the CSO to be not only a technologist but also a good communicator, who is able to interact with people outside of the IT department. We see many misconceptions about the importance of risk management in the market place," said Ulrich Weigel, director of security products at NetIQ.
"IT and security managers must ensure that the policies and procedures are relevant and integrated with their company's business and objectives."
According to a recent survey by Connect, the two biggest IT headaches for businesses were 'everyday hassles with IT' (37 per cent) and 'security concerns' (32 per cent).

