According to CA’s latest security survey, more than 84% of North American companies experienced a security incident over the past 12 months and the number of breaches continues to rise.
The survey of 642 large North America was conducted by The Strategic Counsel from January through May of 2006. The organizations surveyed had average annual revenues of $1.4 billion and average annual IT budgets of $22 million. The survey was conducted across the manufacturing, government, financial services, retail, communications, healthcare/pharmaceuticals, and oil & gas sectors.
According to the findings, security breaches have increased 17% since 2003. As a result, 54% of organizations reported lost workforce productivity; 25% reported public embarrassment, loss of trust/confidence and damage to reputation; and 20% reported losses in revenue, customers or other tangible assets. Of the organizations which experienced a security breach, 38% suffered an internal breach of security. The lack of centralized security administration is affecting employee productivity. Only 6% of the organizations were able to provide new employees or contractors with access to all the applications or systems they require on their first day of work.
Moreover, the security isn’t being taken seriously enough at all levels of an organization, especially in the financial service industry. Nearly 40% of respondents indicated that their organizations don’t take IT security risk management seriously at all levels, while 37% believe their organization’s security spending is too low. Only 1% believes it is too high.
Despite these findings, the organizations act to improve security. The three most important actions are: documenting security policies (88%), creating security education policies for employees (83%) and creating a Chief Information Security Officer position (68%) within the organization.
“These survey results demonstrate that even though organizations are investing in security technologies, they still aren’t achieving the results they seek,” said Toby Weiss, senior vice president and general manager of CA’s Security Management Business Unit. “Clearly, more work needs to be done in terms of both improved security management itself and better education of business users about the importance of IT security best practices.”
Survey margin of error ranges from +/- 2.6 to +/- 3.8 at a 95% confidence level.