Security Audits Do Customers Listen

Of the survey participants, 76% have employed third-party experts to audit network security practices. However, only 35% conduct these audits every year. About 27% hire a third party to audit every two years and 14% do so every three years or more.

The key driver for bringing in an outside organization to conduct an audit was the need to prove to other parties that the company had passed that audit. Approximately 65% of those who’ve had an audit reported this as a top priority.

Good news for channel partners: a whopping 72% of those who ponied up for outside audits reported them a worthwhile investment. Approximately 23% felt neutral about the spend and 5% didn’t feel it was a good investment.

Among the quarter of respondents that reported never conducting a formal third-party audit, 47% said they did not need one and 24% reported cost as a barrier.

Among all of the respondents, approximately 67% conduct internal security audits at least annually and an additional 17% do one every two years.

About half of the respondents who conduct internal audits reported that these in-house probes identified significant security problems. But 33% reported that they “don’t go far enough” with internal audits and 43% believe that their organization needs to hold up to auditor scrutiny more frequently.

However positive IT executives feel about outsiders conducting audits, they still have a ‘hands-off my network controls’ attitude when it comes to outsourcing. Approximately 69% believe that outsourcing technology jobs adversely affects network security. About 22% said that it has no impact and 9% believe it has a positive effect.