2011 State of Security Survey Investigates What Businesses are Doing About Security
With data breaches and cyber attacks constantly making headlines, it’s clear businesses continue to face challenges when it comes to securing IT assets and protecting company data. The good news – a new survey commissioned by Symantec has found IT security budgets and workforces appear to be reacting accordingly.
Symantec’s 2011 State of Security Survey fielded responses from a total of 3,300 businesses to gauge their attitudes about risk and security. Among the findings: the number of organizations reporting attacks in the past 12 months dropped to 71 percent from 75 percent in 2010, and the number reporting an increased frequency of attacks dropped from 29 percent to 21 percent year-over-year.
For many businesses, those drop-offs seem to be corresponding to an increase in staffing and security budgets focused on certain areas. In regards to staffing, 46 percent of respondents said they are increasing staff in the areas of network and Web security. A virtually identical percentage said they were increasing their budgets for those areas as well (42 percent for network security, 41 percent for Web security). Meanwhile, 38 percent are increasing their security systems management budgets.
The main drivers of security will sound familiar. When asked what industry trends are affecting the difficulty of security, the most mentioned issues were mobile computing (47 percent), social media (46 percent) and consumerization of IT (45 percent).
“These trends are certainly not short-term, and will continue to evolve as employees – including C-level executives – ask IT to support their smart phones, tablets, and as those devices become more sophisticated and capable to handle business tasks,” said Chirantan “CJ” Desai, senior vice president of the Endpoint and Mobility Group at Symantec. “As organizations deal with the proliferation of smartphones and tablets in the enterprise, as well as the immense popularity of social media, they are grappling with new security challenges…(but) it’s clear that organizations are stepping up their efforts in improving their protection.”
The cost of failing at security can be high. Twenty percent of the respondents lost at least $195,000 as a result of cyber-attacks. Ninety-two percent of companies saw losses from cyber-attacks, with the top three kinds of losses reported being downtime (43 percent), theft of employee personally identifiable information (20 percent) and theft of intellectual property (19 percent). These losses translated to monetary costs 84 percent of the time, according to the survey.
“Organizations need to develop and enforce IT policies, and that includes regularly educating employees on those policies,” Desai told SecurityWeek. “By prioritizing risks and defining policies that span across all locations, companies can enforce policies through built-in automation and workflow to protect information, identify threats, and remediate incidents as they occur or anticipate them before they happen.”
Methodology Note: The 2011 State of Security Survey was conducted in April and May of 2011 by a market research firm commissioned by Symantec. Researchers contacted a total of 3,300 businesses, ranging from five to more than 5,000 employees. The businesses represented a variety of industries. In the case of small businesses, the respondents were responsible for computing resources at the company, while enterprise respondents were tactical IT, strategic IT or C-level executives.
Cloud Security Reading: The Big Shift to Cloud-based Security
IT Security Resource: Justifying IT Security: Managing Risk & Keeping Your Network Secure