Many organizations grappling with data loss, CompTIA finds

Among companies that experienced data loss in the past 12 months, 65% lost confidential corporate financial data; 52% lost confidential employee data, such as human resources records; 27% lost confidential customer data, such as credit card numbers; and 26% lost corporate intellectual property or trade secrets.

For its annual Information Security Trends Study, CompTIA polled 500 US-based IT executives involved in setting or executing information security policies and processes within their organizations.

“The respondents report increasing concern over security. When they project out over the next two years, they expect the security threat level to be on the rise”, said Tim Herbert, vice president of research with CompTIA. “At the same time, we also found a large number of companies, about 75%, reported confident in their security defense”, Herbert told Infosecurity.

Three in four organizations polled reported first-hand experience with a security incident in 2011, a slight increase over 2010. On average, organizations reported seven incidents for the year, about half classified as serious.

Herbert noted that security concerns around mobile devices, social media, and cloud computing are on the rise. Organizations are also worried about the growing criminalization and sophistication of security threats, he added.

Malware continues to be a security concern, yet malware attacks are less feared than highly targeted distributed denial of service attacks, advanced persistent threats, and other types of hacking attacks. In the study, 58% of respondents believed hacking is a more critical threat today compared to two years ago.

Seven in 10 organizations rate security as a higher or upper-level priority in 2011, compared to 49% in 2010. Four out of five companies expect to increase information security budgets.

The intensified focus on information security has created a job market where the demand for skilled workers exceeds the current supply. In the CompTIA study, 40% of organizations say they face challenges in hiring IT security specialists.

Organizations view certified staff as an integral part of their security apparatus. More than eight in 10 organizations formally or informally use security certifications as a means to validate expertise, and 94% believe security certifications deliver a positive return on investment.

Human error continues to be a significant factor in security breakdowns; 53% of IT and business executives said human error is more of a factor today than it was two years ago.

“The human component has consistently been a factor [in the survey]. Once again, this year respondents voiced concerns about it…. Regardless of the technology and processes in place, at the end of the day, there is still that human variable. As we migrate toward newer technologies and platforms, it probably is going to only increase as a factor in security”, Herbert observed.
