Security
Focus on Security Increases
The importance of security has grown considerably over the last two years. Significantly higher priority: 28%, moderately higher priority: 51%, no change: 18%, lower priority: 3%
Top Five Security Threats
A diverse number of types of threats need to be defended against. Malware: 91%, hacking: 86%, social engineering/phishing: 82%, data loss/leakage: 81%, security risks in emerging technologies: 81%
Security Defenses in Use at Large Organizations
Data loss prevention (DLP) tends to be more important for larger organizations.Data loss prevention: 71%, identity and access management: 61% , formal risk assessment: 51%, security information and event management: 44%, enterprise security intelligence: 41%, external vulnerability assessments: 40%
Security Defenses in Use at Midsize Organizations
Use of more complex security technologies is not that high. Data loss prevention: 54%, identity and access management: 43%, formal risk assessment: 40%, security information and event management: 37%, enterprise security intelligence: 34%, external vulnerability assessments: 25%
Security Defenses in Use at Small Organizations
Adoption of advanced security technologies in small organizations is relatively light.Data loss prevention: 55%, identity and access management: 39%, formal risk assessment: 35%, security information and event management: 32%, enterprise security intelligence: 22%, external vulnerability assessments: 28%
Factors in Security Breaches
Human error is more often the cause but not by much.Human error: 55%, technology error: 45%
Causes of Human Security Error
It’s hard to discern how much IT complexity contributes to human error. End-user failure to follow policies and procedures: 42%, IT staff failure to follow policies and procedures: 41%, lack of security expertise with Website/applications: 39%, lack of security expertise with IT infrastructure: 38%
Change in Security Posture in Last Two Years
When it comes, IT security change is unfortunately evolutionary at best. Moderate amount of change: 51%, no change/small amount of change: 36%, drastic amount of change: 13%
Formal Risk Analysis Is Lacking
Risk analysis is a potential lucrative area for solution providers in the channel.Companies currently using: 41%, companies planning to use: 33%, no plans/not familiar: 25%
Balancing Risk vs. Security
Convincing customers they don’t have enough security can be a challenge. Appropriate balance: 66%, too much risk: 18%, security too stringent: 17%
Security Mindset of the Workforce
Over the years, security awareness has significantly improved but is still imperfect. Basic: 48%, advanced: 44%, low priority: 8%
Changes in IT Landscape Affecting Security
A lot of security factors are outside the control of IT. Social networking: 52%, cloud computing: 51%, availability of easy-to-use hacking tools: 49%, interconnectivity of devices/systems: 48%, sophistication of security threats: 47%, growing organization of hackers: 47%
Mobile Security Incidents
Mobile malware and employees disabling features are up the most year-over-year. Lost/stolen device: 39%, mobile malware: 28%, employees disabling security features: 26%, mobile phishing attack: 24%, violation of corporate data policy: 23%