Most enterprises admit IT security failures

A recent survey suggests that security breaches have increased by 17 per cent since 2003

Almost 85 per cent of large US enterprises admit to having suffered an IT security incident over the past 12 months, and the number of breaches continues to rise, new research warned today.

According to a Computer Associates poll of 642 US enterprise corporates, security breaches have increased by 17 per cent since 2003.

Some 54 per cent of organisations reported lost workforce productivity, 25 per cent reported public embarrassment, loss of trust/confidence and damage to reputation, and 20 per cent reported losses in revenue, customers or other tangible assets.

Of the organisations which experienced a security breach, 38 per cent said that it was internal.

The poll also found that IT security is not being taken seriously enough at all levels, especially in the financial services industry.

Nearly 40 per cent of respondents indicated that their organisations do not take IT security risk management seriously at all levels, while 37 per cent believe their security spending is too low. Only one per cent indicated that they believe it is too high.

Despite these findings, the survey revealed that respondents are taking steps to improve security.

The three most important security steps are documenting security policies (88 per cent), creating security education policies for employees (83 per cent) and creating the role of chief information security officer (68 per cent).

The research also found that a lack of centralised security administration is affecting employee productivity.

Only six per cent of the organisations were able to provide new employees or contractors with access to all the applications or systems they require on their first day of work.

"These survey results demonstrate that even though organisations are investing in security technologies, they still aren't achieving the results they seek," said Toby Weiss, senior vice president and general manager of CA's Security Management Business Unit.

"Clearly, more work needs to be done in terms of improved security management itself and better education of business users about the importance of IT security best practices."

The survey also found that organisations are turning to identity and access management technologies to improve security, enable regulatory compliance and reduce costs.

More than 75 per cent of the organisations surveyed have implemented some form of identity and access management functionality, and are continuing with investments.

An additional 18 per cent plan to begin rolling out an identity and access management solution or extend their deployments over the next 12 to 18 months.