Nearly all organizations surveyed (98 percent) have experienced tangible loss as a result. This growth in risks and attacks comes at a time when IT reports it is difficult to address the problems due to inadequate budgets, increased regulatory pressures and staffing woes. As a result, most U.S. enterprises (61 percent) are moving to adopt managed security services. The study is based on surveys of 1,000 IT managers in U.S. and European enterprises in January 2009.
Cyber threats and attacks grow while losses mount
Cyber threats are growing rapidly. Nearly half of U.S. enterprises (46 percent) report that cyber threats have somewhat/significantly increased in the past two years and are expected to somewhat/significantly increase in the next two years. In fact, 88 percent of those surveyed saw cyber attacks in the past two years with 31 percent seeing attacks on a regular basis and 10 percent seeing a large/extremely large number of attacks.
To put the problem in context, when asked to rank various risks in order of significance to their organization, those ranking cyber attacks as No. 1 or No. 2 outpaced all other risks by a wide margin (twice as many as natural disasters and traditional crime and four times as many as terrorism).
Not surprisingly, these attacks drive significant losses. Nearly all (98 percent) experienced some sort of loss, with 46 percent experiencing downtime, 31 percent experiencing theft of customer or employee personally identifiable information and 25 percent seeing theft of corporate data.
Enterprises find providing security more difficult than ever: staffing is a big issue
Half those surveyed (49 percent) report that it is getting somewhat/significantly more difficult to provide IT security. Respondents cited a variety of factors, including the increase in threats, inadequate staffing, growing regulatory requirements and insufficient budgets.
Of these, staffing is especially problematic. Two in five organizations say they are somewhat/significantly understaffed, primarily because of difficulties finding qualified applicants, layoffs and lack of funds in the current economic situation. Exacerbating the problem is the fact that existing staff‚Äôs skill sets are too narrow and it is difficult to retain the best security staff.
Managed security services a solution for many
With the problem outgrowing IT‚Äôs ability to provide security internally, it is not a surprise that many (61 percent) of those surveyed are embracing managed security services to bridge the security gap. The reasons cited by IT management include the ability to provide 24x7 coverage, lower overall costs, access to security expertise and an enhanced ability to mitigate security risks.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.