A national security and privacy survey sponsored by CA, Inc. (NASDAQ: CA – News) and conducted by The Strategic Counsel showed that security threats from within an organization now are a bigger problem than attacks from external sources.
At the same time, the number of U.S. organizations reporting loss of confidential data and reduced customer satisfaction has increased by 55 percent and 65 percent, respectively, in the past two years. According to the CA 2008 Security and Privacy Survey, in 2008 more than 34 percent of organizations reported a loss of confidential information as a result of security attacks and breaches, up from 22 percent in 2006.
eDanger Shifts to The Devil You Know
Reduced customer satisfaction as a result of security attacks and breaches has also significantly increased from 20 percent in 2006 to 33 percent in 2008. Respondents also reported additional business costs from compromised security, including:
Loss of productivity â€“ 61 percent in 2008 compared to 52 percent in 2006.
Loss of trust/confidence â€“ 35 percent in 2008 compared to 30 percent in 2006.
Embarrassment â€“ 33 percent in 2008 compared to 28 percent in 2006.
Survey responses indicate one reason for the rise in information loss and decline in customer satisfaction is the changing nature and source of security threats themselves.
While other major security attacks are reported to be on the decline, internal security breaches are steadily increasing. In 2008, 44 percent of survey respondents identified internal breaches as a key security challenge over the 12 months preceding the survey â€“ compared with 42 percent in 2006 and 15 percent in 2003. Conversely, the number of respondents reporting virus attacks in the 12-month periods preceding the 2006 and 2008 surveys decreased from 68 percent to 59 percent, network attacks from 50 percent to 40 percent, and denial-of-service attacks from 40 percent to 26 percent.
â€œThe survey points to an increase in the severity of consequences of internal breaches. The implications are now tied squarely to dollars and reputation,â€ said Lina Liberti, vice president, CA Security Management. â€œThe potential aftershocks of an internal breach have the attention of both the business and the IT organization, and for enterprise organizations the priority has now shifted from reactive to proactive security strategies to deal with this threat.â€
Security compliance costs
The CA survey results show there has been significant time and IT budget spent on IT security compliance to help meet regulations and mitigate future risk.
Fifty-seven percent of respondents reported that their IT organizations spend 20 percent or more of their time on ensuring IT security compliance, and 56 percent indicated their organizations spend 20 percent or more of their IT budget on ensuring IT security compliance.
Combating attacks and internal breaches
Critical to successfully combating security attacks and breaches is an organizationâ€™s willingness to invest, but nearly 32 percent of U.S. security executives believe their own organizationâ€™s spending on IT security is too low.
The survey results point to Identity Access and Management (IAM) solutions as a key and growing area of security investment by large U.S. organizations. IAM solutions enable organizations to facilitate and control access by their users to critical online applications and resources â€” while protecting confidential personal and business information from unauthorized access.
Survey respondents indicate that more than 85 percent of large U.S. organizations are using an IAM solution, with 75 percent of those organizations planning to make further IAM investments within the next 12 months. Sixty percent of those polled who are not currently using an IAM solution plan to implement or roll out IAM functionality within the next 12 to 18 months.
About the CA 2008 Security and Privacy Survey
This survey was commissioned by CA and conducted by The Strategic Counsel as a follow-up to the CA 2006 Security Survey.
A total of 500 telephone and online interviews were conducted among a random sample of large U.S. firms/organizations. Those interviewed included Chief Security Officers, Chief Information Officers, Chief Technology officers and other senior executives responsible for IT security. The margin of error is plus/minus 4.5 percent, at a confidence level of 95 percent.
CA (NASDAQ: CA – News) is the worldâ€™s leading independent IT management software company. With CA’s Enterprise IT Management (EITM) vision and expertise, organizations can more effectively govern, manage and secure IT to optimize business performance and sustain competitive advantage. For more information, visit www.ca.com.
Source: Business Wire