Other

Numbers | Security--It's Worse Than They Think

Organizations are more confident than they should be in their ability to manage security threats, says new study from Deloitte & Touche

By Dave Gradijan

February 14, 2008 — CSO — By Katherine Walsh

Deloitte & Touche’s second annual security survey of more than 100 companies in the technology, media, entertainment and telecommunications industries has found that an overwhelming majority are overconfident in their ability to prevent security breaches.

Sixty-nine percent of respondents said they are confident about the ability of their organizations to mitigate external security threats. However, 46 percent of those same companies don’t have a formal information security strategy in place--something that would seem to be necessary to mitigate those threats. The survey was based on information collected from CSOs, CISOs and security management teams between May and December 2007.

Additional findings include:

* Although the majority of companies are confident in their ability to cope with security challenges now, only 7 percent believe they are prepared for future security threats.

* Only 5 percent of companies increased their security investment by 15 percent or more in the past year. Half of those surveyed allocated less than 3 percent of their IT budget to security.

* Only 62 percent of respondents believe that security is a key imperative at the board or executive level.

* Just over half--56 percent--are confident in their ability to address insider threat stemming from employee misconduct, whether it is deliberate or accidental.

* A majority of companies have not yet addressed physical and information security convergence, with 64 percent of respondents saying they have done little or nothing to integrate the two.

Staff Writer Katherine Walsh can be reached at kwalsh@cxo.com.

--

The comment field below does not work. Please send your feedback directly to the author.