Cybersecurity Survey: Despite Losses, Enterprises Making Progress
Symantec Corp.'s latest State of Security report for 2011 examines the state of over 3300 enterprises' cybersecurity efforts, and like last year's survey, IT puts security squarely at the top of its list of business risks (according to 49 percent of respondents), followed by "IT incidents caused by well-meaning insiders" at 46 percent. Symantec emphasizes that those risks are "ahead of traditional crime, natural disasters, and terrorism."
There's good news in the survey: enterprises say they're doing a better job at fighting cybersecurity threats, even though 71 percent having been attacked in the last 12 months (compared with 75 percent in 2010). Twenty-nine percent of enterprises have it bad: they said they experience attacks "on a regular basis," though that frequency wasn't defined.
Fortunately, those reporting an increase in the frequency of attacks dropped (from 29 percent last year to 21 percent this year). Unfortunately, 92 percent of enterprises reported being attacked that caused losses; the top three loses were downtime, theft of an employee’s identity, and intellectual property theft. On the positive side, 100 percent of respondents to last year's survey reported a loss. Leading attacks were from "malicious code, social engineering, and external malicious attacks."
Losses included "productivity; revenue; lost organization, customer, or employee data; and brand reputation," Symantec explained. "The survey found that 20 percent of small businesses lost at least $100,000 last year due to cyberattacks. That figure was even higher for large enterprises, with 20 percent incurring $271,000 or more in damages."
In a company release, Sean Doherty, vice president and chief technology officer of Enterprise Security at Symantec, points out that “There’s no question that attackers are using more insidious, sophisticated, and silent methods to steal data and wreak havoc. Organizations today have more to lose than ever before and need to keep adopting the security innovations and best practices that the industry is delivering to stay protected.”
Security is getting the recognition it deserves. More enterprises believe it's vital to maintain the security of operations and their information. "Forty-one percent said cybersecurity is somewhat or significantly more important than 12 months ago." Fortunately, only 15 percent think the opposite -- that it's "somewhat" or "significantly less" important.
Several trends are keeping IT on its security toes. For example, 47 percent of respondents identified mobile computing was making it harder maintain cybersecurity; social media wasn't far behind (at 46 percent); the consumerization of IT was cited by 45 percent of respon) dents.
Slightly more than half (52 percent) say they are doing "somewhat or extremely well in addressing routine security measures," and almost as many (51 percent) say they're doing "somewhat or extremely well" in their response to attacks and breaches. They’re less successful in handling compliance or pursuing "innovative security measures."
Applied Research conducted the telephone survey of 3,300 respondents in 36 countries in April and May 2011. The survey targeted "C-level professionals, strategic and tactical IT, and individuals in charge of IT resources from companies with a range of 5 to more than 5,000 employees."
You can read a full copy of the report here. No registration is required.
Posted on 09/14/2011