Cyber security tops IT priority list

The theft of personally identifiable information is one of the biggest concerns

Three-quarters of companies have suffered a cyber-attack over the past 12 months at an average cost of more than £1m each, making cyber security the biggest concern for IT departments, according to a survey from security giant Symantec released today.

The vendor interviewed more than 2,000 small, medium and large enterprises from various industries across the globe to compile its first State of Enterprise Security report.

Some 42 per cent of respondents ranked cyber-attacks as the biggest risk to their organisation, topping natural disasters, terrorism and traditional criminal activity. A third of the 75 per cent of organisations that had suffered an attack described it as 'somewhat' or 'highly' effective.

All respondents had suffered cyber-losses, with theft of personally identifiable information, downtime and intellectual property theft all rated as equally common.

Sian John, security architect at Symantec, said: "We have been saying 'be aware' since the explosion in malware that took place from 2007, and this survey reflects the fact that it is a big issue.

"Having these stats helps people to learn that it is a real business risk because these are ultimately business costs."

The report found that most organisations feel understaffed, and that new initiatives such as virtualisation and platform-as-a-service are adding to the security burden.

Security systems management, data loss prevention, endpoint security and network security are the worst affected areas, according to the survey.

John suggested that put-upon chief security officers should use compliance and regulatory-related projects in order to drive investment in under resourced areas, because this speaks to the business more clearly than trying to explain the risks and threats in technology terms.