Survey: IT Security Breaches More Severe

By Jessica Davis  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

IT organizations say that security breaches have become more severe over the past 12 months -- a time when they have been under pressure to cut IT budgets. That's not surprising as more mobile devices such as notebooks and smartphones make businesses more vulnerable and social networking sites pose new threats. But IT professionals still rank security as a top priority, according to a new survey.

The severity of security breaches is climbing at a time when IT organizations are under pressure to cut expenses and work with smaller budgets.

But the good news is that IT security remains a major priority among IT professionals. A total of 38 percent of U.S.-based IT professionals ranked IT security as their top priority. That’s according to this year’s State of IT Security survey of 1,500 IT professionals in the United States, U.K., China and India, commissioned by CompTIA.

"The vulnerabilities have always been there," Tim Herbert, vice president of research at CompTIA tells Channel Insider. And because of the recession "there has been an increase in the financial incentive to steal data. More people are leaving organizations through potential layoffs, buyouts and whatnot. It’s not necessarily malicious, but people want to take their contact information with them."

Other new vulnerabilities come from the increased use of smartphones by employees and also from more employees accessing social networking sites such as Facebook and Twitter.

"When used inappropriately these can also lead to problems," Herbert says, pointing out the recent Twitter virus.

While data confirms that the number of security breaches has not increased significantly, the severity level of breaches has been trending upwards, Herbert says.

Survey respondents rated breach severity on a scale of 1 to 10. In 2006 the average severity ranked 4.8, in 2007 5.3 and in 2008 5.6.

For 2008, the mean total cost of security breaches came in at $85,161 while the median chosen was $5,000 to $9,999.

Survey respondents who reported breaches over during 2008 said the total cost of the breaches was as follows:

  • $0  - 9 percent
  • $1 to $499 – 8 percent
  • $500 to $999 – 7 percent
  • $1,000 to $4,999 – 19 percent
  • $5000 to $9,999 – 19 percent
  • $10,000 to $49,999 – 16 percent
  • $50,000 to $99,999 -     12 percent
  • $100,000 to $999,999 – 7 percent
  • $1 million  or more – 3 percent

Most often, breaches are caused by the combination of technical glitches together with human error. Perhaps an employee leaves a laptop at airport security, and that laptop does not have data locked down with a password or other security measure.

That’s why having a written IT security policy that includes mobile devices is so essential to ensuring an organization’s IT security, says Herbert. More companies are implementing such policies, and more companies are making sure that they include mobile devices in the policies. However, the likelihood of a company having such a policy depends on the company’s size.  

Herbert recommends that companies periodically review security policies with employees and make sure that non-IT employees are trained in proper IT security procedures to protect against the potential for breaches.


Jessica Davis covers the channel for eWeek and Channel Insider. Her technology journalism career began well before anyone heard of the World Wide Web and has included stints at Infoworld, Electronic News/EDN, and the Philadelphia Business Journal. Her work has also appeared on CNN and Forbes.com. She has covered hardware, software and networking, as well as the business side of technology. She has won several journalism awards, including a national ASBPE award for best staff-written column, and was named Marketing Computers hardest working tech journalist on their inaugural list of top tech journalists. Jessica can be reached at jessica.davis@ziffdavisenterprise.com

Submit a Comment

Loading Comments...