This figure compares with 91% of respondents who believed breaches would increase in the 2011 survey and 95% in 2010. For the 2012 survey, nCircle polled 547 IT security professionals, including senior management, IT operations, security professionals, and risk and audit managers. This is the third year that nCircle has conducted the survey. For Infosecurity's previous coverage, see "Research claims economic downturn hitting 48% of IT security deployments within organisations."
“We are back to 93% of IT security thinking that data breaches will increase this year. That result was surprising to me, certainly against the backdrop that security is much more visible in the general population than it was a few years ago and companies are taking more steps to improve their overall security”, commented Elizabeth Ireland, vice president of marketing for nCircle.
Ireland attributed the continuing belief that data breaches will increase to the “changing threat environment.”
For the third year in a row, the top security concerns among IT security professionals continue to be security compliance, advanced persistent threats (APT), and cloud computing. Security compliance remained the top concern, with 27% of respondents listing as their biggest security concern in 2012, compared with 26% in 2011 and 30% in 2010.
“There are huge downsides for organizations if they don’t meet compliance requirements. Failing an audit has very visible, and in some cases financial, penalties associated with it”, Ireland told Infosecurity.
APTs were the second biggest security concern over the three years, followed by cloud computing.
“Security professionals are not completely in control of these, that is why they are concerning and top of mind”, Ireland observed.
A full 62% of security professionals believe cybercrime is the most significant threat category their organization faces, followed by hactivists at 21% and nation-states with 17%, the survey found.
In addition, three-quarters of security professionals believe the security of their personal health information has not improved in the last 24 months, despite the continued implementation of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.