New Zealand sees drop in information security incidents, costs

The 2010 New Zealand Computer Crime and Security Survey highlights a range of information security trends, including the frequency and cost of information security breaches, information security awareness, and percentage of IT budgets spent on information security by private and government organizations relating to calendar year 2009. The previous survey was published in 2007.

Around 70% of respondents experienced some type of information security incident in the 2010 survey, down from the levels reported in the 2007 survey. The overall average cost of reported information security incidents per organization was NZ$15 000, well down from NZ$133 000 in the previous survey.

The survey of 176 information security professionals in New Zealand was conducted by KJ Spike Quinn of the University of Otago Security Research Group on behalf of InternetNZ.

InternetNZ chief executive Vikram Kumar offered the following observations on the survey: “Even though the overall trend is a reduction in security incidents and costs per organization, there is no room for complacency. Almost 70% of respondent organizations experienced some sort of security incident. Some 28% experienced unauthorized use of their systems with internal threats at least as significant as external threats.”

Almost half of respondents think their organization needs to do more to ensure information security for third-party contractors. In addition, over 60% of respondents said they use less than 5% of their IT budgets on security.

External threats from viruses and malware are seen as the greatest information security threat by 46% of respondents. One in four said they had no security tools or procedures for mobile device security and over half had no USB incident protections in place.

“Though theft of laptops and mobile hardware is now the most widely experienced incident, newer security incidents are appearing, such as exploit of users social network profile and extortion/blackmail regarding threat of system attack or for release of stolen data”, Kumar said.

What’s hot on Infosecurity Magazine?