Survey: IT Security Breaches More Severe
By Jessica Davis | Posted 2009-06-09
IT organizations say that security breaches have become more severe over the past 12 months -- a time when they have been under pressure to cut IT budgets. That's not surprising as more mobile devices such as notebooks and smartphones make businesses more vulnerable and social networking sites pose new threats. But IT professionals still rank security as a top priority, according to a new survey.
The severity of security breaches is climbing at a time when IT
organizations are under pressure to cut expenses and work with smaller
But the good news is that IT security remains a major priority among IT
professionals. A total of 38 percent of U.S.-based IT professionals
ranked IT security as their top priority. That’s according to this
year’s State of IT Security survey of 1,500 IT professionals in the
United States, U.K., China and India, commissioned by CompTIA.
"The vulnerabilities have always been there," Tim Herbert, vice
president of research at CompTIA, tells Channel Insider. And because of
the recession "there has been an increase in the financial incentive to
steal data. More people are leaving organizations through potential
layoffs, buyouts and whatnot. It’s not necessarily malicious, but
people want to take their contact information with them."
Other new vulnerabilities come from the increased use of smartphones by
employees and also from more employees accessing social networking
sites such as Facebook and Twitter.
"When used inappropriately these can also lead to problems," Herbert says, pointing out the recent Twitter virus.
While data confirms that the number of security breaches has not increased significantly, the severity level of breaches has been trending upwards, Herbert says.
Survey respondents rated breach severity on a scale of 1 to 10. In 2006 the average severity ranked 4.8, in 2007 5.3 and in 2008 5.6.
For 2008, the mean total cost of security breaches came in at $85,161, while the median range chosen was $5,000 to $9,999.
Survey respondents who reported breaches during 2008 said the total cost of the breaches was as follows:
- $0 – 9 percent
- $1 to $499 – 8 percent
- $500 to $999 – 7 percent
- $1,000 to $4,999 – 19 percent
- $5,000 to $9,999 – 19 percent
- $10,000 to $49,999 – 16 percent
- $50,000 to $99,999 – 12 percent
- $100,000 to $999,999 – 7 percent
- $1 million or more – 3 percent
Most often, breaches are caused by a combination of technical
glitches and human error. Perhaps an employee leaves a laptop
at airport security, and that laptop does not have its data locked down
with a password or other security measure.
That’s why having a written IT security policy that includes mobile devices is so essential to ensuring an organization’s IT security, says Herbert. More companies are implementing such policies, and more companies are making sure that they include mobile devices in the policies. However, the likelihood of a company having such a policy depends on the company’s size.
Herbert recommends that companies periodically review security policies with employees and make sure that non-IT employees are trained in proper IT security procedures to protect against the potential for breaches.