Most firms have experienced some kind of cyber attack in the last year, according to research released Monday by Symantec. The 2010 State of Enterprise Security study reveals that 75 percent of organizations experienced cyber attacks and 42 percent of organizations rate security as their top issue, more than natural disasters, terrorism, and traditional crime combined. Cyber attacks cost enterprise businesses an average of $2 million per year, and are often very effective, according to the report. The Symantec study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010. (See also: DDoS Attacks; Fighting Back)
"It (security) is a similar concern across both large and small organizations now," said Matthew Steele, director, Strategic Technology with Symantec. "I think we used to see bigger deviations there in the past. But it appears to be equally strong now."
Organizations also reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues.
Steele pointed to the regulatory landscape as adding pressures to security departments of all sizes.
"For example, with HIPAA, You see that having an impact on what's happening to small practices now as opposed to just large hospitals," he said. (See CSO blogger Ed Adams' post on the HITECH Act Law and HIPAA)
Enterprises surveyed rated "better manage business risk of IT" as a top goal for 2010, and 84 percent rated it absolutely/somewhat important. Nearly all the enterprises surveyed (94 percent) forecasted changes to security in 2010, with almost half (48 percent) expecting major changes.