Security Survey Results Released

A new security survey of 642 large North American organizations shows that more than 84 percent experienced a security incident over the past 12 months and that the number of breaches continues to rise.

According to the study, which was conducted by The Strategic Counsel on behalf of security vendor CA , security breaches have increased 17 percent since 2003. As a result, 54 percent of organizations reported lost workforce productivity; 25 percent reported public embarrassment, loss of trust/confidence and damage to reputation; and 20 percent reported losses in revenue, customers or other tangible assets. Of the organizations which experienced a security breach, 38 percent suffered an internal breach of security.

In addition, the findings indicate that security isn't being taken seriously enough at all levels of an organization, especially in the financial service industry. Nearly 40 percent of respondents indicated that their organizations don't take IT security risk management seriously at all levels, while 37 percent believe their organization's security spending is too low. Only 1 percent believe it is too high.

Despite these findings, the survey revealed that organizations are taking steps to improve security. The three most important cited security steps were documenting security policies (88 percent), creating security education policies for employees (83 percent), and creating a Chief Information Security Officer position (68 percent) within the organization.

The survey also found that a lack of centralized security administration is affecting employee productivity. Only 6 percent of the organizations were able to provide new employees or contractors with access to all the applications or systems they require on their first day of work.

The survey also found that organizations are turning towards identity and access management (IAM) technology to improve security, enable regulatory compliance and reduce costs. More than 75 percent of the organizations surveyed have implemented some form of IAM functionality and are continuing with IAM investments, with an additional 18 percent planning to begin rolling out an IAM solution or extend their IAM deployments over the next 12-18 months.

The survey of large organizations across North America was conducted by The Strategic Counsel from January through May of 2006. The organizations surveyed had average annual revenues of $1.4 billion and average annual IT budgets of $22 million. The survey was conducted across the manufacturing, government, financial services, retail, communications, healthcare/pharmaceuticals, and oil and gas sectors. Survey margin of error ranges from +/- 2.6 to +/- 3.8 at a 95% confidence level.

Posted by Jon Erickson at 10:40 AM  Permalink