In Brief

Size Matters

The smaller the company, the more it tends to know about its security status.

By CSO Contributor

September 01, 2006 — CSO —

When it comes to security, bigger isnt always better. Our survey found that mid-market companies (those with revenue between $100 million and $1 billion) experienced fewer security breaches than their larger counterparts. Nearly

30 percent of midsize companies claimed their security measures have never been compromised compared with just 16 percent of larger enterprises.

Bigger companies also have less of a handle on whats happening in their (larger) networks. They are less likely than their smaller counterparts to know how many security breaches theyve had (42 percent of the bigger companies had no clue versus 29 percent of midsize companies and 16 percent of the small-market companies, those with less than $100 million in revenue).

Why is this so? After all, large companies deploy more security technologies and comply with privacy and security laws at a higher rate than their smaller counterparts. And midsize companies lag in instituting strategic practices: ­hiring information security officers and developing an overall security strategy.

Experts cite two factors in explaining the gap: First, larger companies most likely sustain many more cyberattack attempts than smaller ones. Second, big companies are more complex, so keeping tabs becomes challenging, to say the least. But the experts say the gap between mid- and large-market companies might have been even wider if the larger companies had not followed more strategic security practices. And the lesson here is that midsize companies might reduce the number of security breaches they experience (and the damage caused by them) if they did the same.

A.H.

• Email
• Print
• Comments
• Digg This
• SlashDot