While 78% of large companies say their databases are "critical" or “important” to their business, 40% of them don’t monitor databases for security purposes.

Those are the primary results of a Ponemon Institute research study released today that surveyed 649 IT executives.

Ponemon’s report, titled “Database Security 2007: Threats and Priorities within IT Database Infrastructure” also indicates that 57% of the IT executives surveyed admitted their organizations haven’t taken “adequate measures” to protect against malicious insiders, and 55% acknowledged there had no “adequate measures” in place to prevent data loss. Eighty percent of the surveyed IT executives said their organizations have more than 100 databases, primarily a multiplatform environment including Microsoft SQL, Oracle and IBM DB2.

The study, sponsored by Application Security, reported that 78% of the respondents have corporate IT budgets in excess of $30 million. According to the study, this segment increased spending for IT security from 17% to 23% of the total IT budget from 2006 to 2007. Smaller companies were said to have increased security spending from 14% to 18% of the total IT budget.

The top priority among the IT executives responding was not database security and monitoring for suspicious activity. The most critical priorities the IT executives cited for this year were upgrading existing applications, consolidating IT and improving efficiency.

In its conclusion, Ponemon stated, “Even in the face of frequent, expensive, and highly publicized breaches, respondents have not made protecting customer and employee information a high priority.” The research firm added it considered its “observations are preliminary” and would do further research on the topic.