
September 18th, 2007

Information security by the numbers: It's not pretty

Posted by Larry Dignan @ 10:27 am

Categories: General, IT Management, Security

Tags: Information Security, Security, Larry Dignan

A pair of security surveys were released Tuesday and the findings aren’t pretty.

First up, the Computing Technology Industry Association (CompTIA) released a survey on information security breaches. Among the findings:

  • Among companies that reported a security breach in the last year, the average severity level was 4.8 on a scale of 0 to 10 (very severe). In 2006, the severity level was 2.3.
  • The average cost of a security breach was $369,388, but that sum is inflated by large companies that had costs topping $10 million. Half of all respondents said their costs were $10,000 or less.
  • 35 percent of those costs are due to employee productivity being impacted; 21 percent were related to server or network downtime, and delays in revenue-generating activities represented 20 percent of costs.

Meanwhile, Deloitte Touche Tohmatsu released its 2007 Global Security Survey, which includes many of the top financial services firms. Among the findings:

  • 63 percent of those surveyed have an information security strategy.
  • Only 10 percent said their information security strategy is led by “business line leaders.”
  • 26 percent of respondents recognized the need for a security strategy this year.
  • The top three breaches noted in the survey were viruses and worms, e-mail attacks, and phishing and pharming.
  • 91 percent said they are concerned about employees leading to breaches. 79 percent cited humans as the cause for information security failures.
  • Financial services firms were reluctant to take any responsibility for securing customer computers. “When asked whether they should be held accountable for protecting the computers of their customers who do online business with them, two thirds of respondents (66 percent) replied that they should not,” said Deloitte in a release.
  • 22 percent provided no employee security training over the past year. One third of respondents said their staff has the skills to respond to security needs.
  • 98 percent said their security budgets have increased.

Comforting, eh?

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic.


Talkback

Microsoft released a survey today too
http://blogs.technet.com/forefront/archive/2007/12/1...
Posted by: david_burt Posted on: 12/18/07