Information security by the numbers: It's not pretty

A pair of security surveys were released Tuesday and the findings aren't pretty.

First up, the Computing Technology Industry Association (CompTIA) released a survey on information security breaches. Among the findings:

  • Among companies that reported a security breach in the last year, the average severity level was 4.8 on a scale of 0 to 10 (very severe). In 2006, the severity level was 2.3.
  • The average cost of a security breach was $369,388, but that sum is inflated by large companies that had costs topping $10 million. Half of all respondents said their costs were $10,000 or less.
  • 35 percent of those costs are due to employee productivity being impacted. 21 percent of costs were related to server or network downtime, and delays in revenue-generating activities represented 20 percent of costs.

Meanwhile, Deloitte Touche Tohmatsu released its 2007 Global Security Survey, which includes many of the top financial services firms. Among the findings:

  • 63 percent of those surveyed have an information security strategy.
  • Only 10 percent said their information security strategy is led by "business line leaders."
  • 26 percent of respondents recognized the need for a security strategy this year.
  • The top three breaches noted in the survey were viruses and worms, e-mail attacks, and phishing and pharming.
  • 91 percent said they are concerned about employees leading to breaches. 79 percent cited humans as the cause for information security failures.
  • Financial services firms were reluctant to take any responsibility for securing customer computers. "When asked whether they should be held accountable for protecting the computers of their customers who do online business with them, two thirds of respondents (66 percent) replied that they should not," said Deloitte in a release.
  • 22 percent provided no employee security training over the past year. One third of respondents said their staff has the skills to respond to security needs.
  • 98 percent said their security budgets have increased.

Comforting, eh?

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
