Over 8,200 information security executives in 63 countries struggle to hold the line against security threats and incidents, according to the State of Information Security 2005, the world's largest information security study by IDG's CIO magazine and PricewaterhouseCoopers. The average number of security-related events reported is up from 704 in 2004 to 862 in this year's study, an increase of 22.4 percent. The number of organisations reporting financial losses from these events is 22 percent, a significant increase from last year's 7 percent. Hackers remain the most likely source of events, accounting for 63 percent of attacks, compared to 66 percent in 2004, followed by employees (33 percent versus 28 percent) and former employees (20 percent versus 21 percent). The most common type of attack for the second consecutive year is malicious code (e.g. computer virus), representing 59 percent of attacks and up from 53 percent the year before.
As a result of continuing threats, security spending is on the rise, from 11 percent of an organisation’s IT budget in 2004 to 13 percent this year. When asked where the money for security spending comes from, respondents point to several internal groups. Information technology is responsible for security budgets, according to 58 percent of respondents, followed by finance at 19 percent. Some 40 percent of this year's respondents report their companies employ a chief information security officer (CISO) or chief security officer (CSO), up from 31 percent in 2004. On a strategic level, only 37 percent of respondents report that a security plan is in place at their firm and only 24 percent report they expect to develop one in the coming year. The number of organisations with a security plan rises to 62 percent when the organisation employs a CISO or a CSO.
Almost four in 10 US respondents (38 percent) report that they are currently not in compliance with Sarbanes-Oxley requirements, although they are required to be so. Likewise, almost one in four (23 percent) of those who must comply with HIPAA (Health Insurance Portability & Accountability Act) are not doing so. And 15 and 11 percent of US respondents, respectively, are not in compliance with California State Bills 1386 and 1950 regarding data security and privacy, although they are required to be so.
Additional survey findings include:
* 59 percent of organisations continue to monitor what their employees are viewing online.
* 85 percent of American companies report nine or fewer negative incidents in the past year. US companies rank behind New Zealand (95 percent), India (91 percent), Canada (89 percent), France and Germany (87 percent) and Italy (86 percent) in this area.
* 55 percent of organisations report security incidents to external agencies, up from 51 percent in 2004.
* Data backup is the leading information security technology practice used (84 percent), followed by network firewalls (82 percent) and user passwords (80 percent).
www.cio.com
www.pwc.com/security

• Date: 15th September 2005 • Region: US/World • Type: Article • Topic: ISM