X
Tech

Information security by the numbers: It's not pretty

A pair of security surveys were released Tuesday and the findings aren't pretty. First up, the Computing Technology Industry Association (CompTIA) released a survey on information security breaches.
Written by Larry Dignan, Contributor

A pair of security surveys were released Tuesday and the findings aren't pretty.

First up, the Computing Technology Industry Association (CompTIA) released a survey on information security breaches. Among the findings:

  • Among companies that reported a security breach in the last year, the average severity level was 4.8 on a scale of 0 to 10 (very severe). In 2006, the severity level was 2.3.
  • The average cost of a security breach was $369,388, but that sum is inflated by large companies who had costs topping $10 million. Half of all respondents said their costs were $10,000 or less.
  • 35 percent of those costs are due to employee productivity being impacted. 21 percent of costs were related to server or network downtime and delays in revenue generating activities representing 20 percent of costs.

Meanwhile, Deloitte Touche Tohmatsu released its 2007 Global Security Survey, which includes many of the top financial services firms. Among the findings:

  • 63 percent of those surveyed have an information security strategy.
  • Only 10 percent said their information security strategy is lead by "business line leaders."
  • 26 percent of respondents recognized the need for a security strategy this year.
  • The top three breaches noted in the survey were viruses and worms, e-mail attacks and phishing and pharming.
  • 91 percent said they are concerned about employees leading to breaches. 79 percent cited humans as the cause for information security failures.
  • Financial services firms were reluctant to take any responsibility for securing customer computers. "When asked whether they should be held accountable for protecting the computers of their customers who do online business with them, two thirds of respondents (66 percent) replied that they should not," said Deloitte in a release.
  • 22 percent provided no employee security training over the past year. One third of respondents said their staff has the skills to response to security needs.
  • 98 percent said their security budgets have increased.

Comforting eh?

Editorial standards