Information security by the numbers: It's not pretty


Summary: A pair of security surveys were released Tuesday and the findings aren't pretty. First up, the Computing Technology Industry Association (CompTIA) released a survey on information security breaches.


A pair of security surveys were released Tuesday and the findings aren't pretty.

First up, the Computing Technology Industry Association (CompTIA) released a survey on information security breaches. Among the findings:

  • Among companies that reported a security breach in the last year, the average severity level was 4.8 on a scale of 0 to 10 (very severe). In 2006, the severity level was 2.3.
  • The average cost of a security breach was $369,388, but that sum is inflated by large companies that had costs topping $10 million. Half of all respondents said their costs were $10,000 or less.
  • 35 percent of those costs were due to impacts on employee productivity, 21 percent were related to server or network downtime, and delays in revenue-generating activities represented 20 percent.

Meanwhile, Deloitte Touche Tohmatsu released its 2007 Global Security Survey, which includes many of the top financial services firms. Among the findings:

  • 63 percent of those surveyed have an information security strategy.
  • Only 10 percent said their information security strategy is led by "business line leaders."
  • 26 percent of respondents recognized the need for a security strategy this year.
  • The top three breaches noted in the survey were viruses and worms, e-mail attacks, and phishing and pharming.
  • 91 percent said they are concerned about employees leading to breaches. 79 percent cited humans as the cause for information security failures.
  • Financial services firms were reluctant to take any responsibility for securing customer computers. "When asked whether they should be held accountable for protecting the computers of their customers who do online business with them, two thirds of respondents (66 percent) replied that they should not," said Deloitte in a release.
  • 22 percent provided no employee security training over the past year. One third of respondents said their staff has the skills to respond to security needs.
  • 98 percent said their security budgets have increased.

Comforting, eh?


Talkback

4 comments
  • The questions nobody asks are:

    Of those firms that experienced a security breach, which Operating System experienced the breach?

    and

    Was the breach at the application or OS level?
    ITGuy04
    • Erm...

      You forgot to add "user initiated breach" to your option list.
      zkiwi
  • RE: Information security by the numbers: It's not pretty

    Microsoft's Forefront team has posted a new study conducted for Microsoft by CMG Market Research measuring the perceptions of 1,274 information technology (IT) managers in the U.S. toward 12 security concerns, such as malware, temporary workers, hackers, phishing, and more.
    http://blogs.technet.com/forefront/archive/2007/12/18/study-it-pros-more-concerned-about-data-loss-than-spam-malware.aspx

    The survey found that spyware is still the #1 security concern (24%) that survey participants didn't feel was being adequately addressed. The study measured levels of concern between 2006 and 2007, and found some interesting results:

    Data loss was the only concern that rose significantly, up 11 percent from 2006.
    Malware (viruses, Trojans, and worms) decreased the most, down 31 percent.
    While spyware was still the number one concern cited at 24 percent, it was down significantly from last year's level of 31 percent.
    Spam, government compliance, phishing, and remote access were also down more than 10 percent.
    david_burt
  • Microsoft released a survey today too

    http://blogs.technet.com/forefront/archive/2007/12/18/study-it-pros-more-concerned-about-data-loss-than-spam-malware.aspx

    The Microsoft Forefront team has posted a new study conducted for Microsoft by CMG Market Research measuring the perceptions of 1,274 information technology (IT) managers in the U.S. toward 12 security concerns, such as malware, temporary workers, hackers, phishing, and more. The survey found that spyware is still the #1 security concern (24%) that survey participants didn't feel was being adequately addressed.

    The study measured levels of concern between 2006 and 2007, and found some interesting results:

    Data loss was the only concern that rose significantly, up 11 percent from 2006.
    Malware (viruses, Trojans, and worms) decreased the most, down 31 percent.
    While spyware was still the number one concern cited at 24 percent, it was down significantly from last year's level of 31 percent.
    Spam, government compliance, phishing, and remote access were also down more than 10 percent.
    david_burt