A national security and privacy survey sponsored by CA showed that security threats from within an organization now are a bigger problem than attacks from external sources. At the same time, the number of U.S. organizations reporting loss of confidential data and reduced customer satisfaction has increased by 55 percent and 65 percent, respectively, in the past two years.
According to the CA 2008 Security and Privacy Survey, in 2008 more than 34 percent of organizations reported a loss of confidential information as a result of security attacks and breaches, up from 22 percent in 2006. Reduced customer satisfaction as a result of security attacks and breaches has also significantly increased from 20 percent in 2006 to 33 percent in 2008. Respondents also reported additional business costs from compromised security, including:
- Loss of productivity – 61 percent in 2008 compared to 52 percent in 2006.
- Loss of trust/confidence – 35 percent in 2008 compared to 30 percent in 2006.
- Embarrassment – 33 percent in 2008 compared to 28 percent in 2006.
Survey responses indicate one reason for the rise in information loss and decline in customer satisfaction is the changing nature and source of security threats themselves.
While other major security attacks are reported to be on the decline, internal security breaches are steadily increasing. In 2008, 44 percent of survey respondents identified internal breaches as a key security challenge over the 12 months preceding the survey – compared with 42 percent in 2006 and 15 percent in 2003. Conversely, the number of respondents reporting virus attacks in the 12-month periods preceding the 2006 and 2008 surveys decreased from 68 percent to 59 percent, network attacks from 50 percent to 40 percent, and denial-of-service attacks from 40 percent to 26 percent.
Security compliance costs
The CA survey results show there has been significant time and IT budget spent on IT security compliance to help meet regulations and mitigate future risk.
Fifty-seven percent of respondents reported that their IT organizations spend 20 percent or more of their time on ensuring IT security compliance, and 56 percent indicated their organizations spend 20 percent or more of their IT budget on ensuring IT security compliance.
Combating attacks and internal breaches
Critical to successfully combating security attacks and breaches is an organization’s willingness to invest, but nearly 32 percent of U.S. security executives believe their own organization’s spending on IT security is too low.
The survey results point to Identity Access and Management (IAM) solutions as a key and growing area of security investment by large U.S. organizations. IAM solutions enable organizations to facilitate and control access by their users to critical online applications and resources — while protecting confidential personal and business information from unauthorized access.
Survey respondents indicate that more than 85 percent of large U.S. organizations are using an IAM solution, with 75 percent of those organizations planning to make further IAM investments within the next 12 months. Sixty percent of those polled who are not currently using an IAM solution plan to implement or roll out IAM functionality within the next 12 to 18 months.