In fact, inadvertent breaches by well-meaning employees are a bigger concern than deliberate breaches by malicious employees; 46% of respondents worry about inadvertent breaches, while only 44% are concerned about malicious breaches. Hackers remain the top information security concern, according to the 2011 State of Security Survey conducted by Applied Research for Symantec.
The drivers of information security are changing, the survey found. New to the list this year are targeted attacks that focus on a single organization for political or economic reasons.
“These targeted attacks are targeting individuals and specific organizations. And a lot of these attacks are coming from social media”, said Ashish Mohindroo, senior director of product marketing with Symantec’s Enterprise Security Group.
For the second year in a row, information security is the leading business risk that companies face, ahead of traditional crime, natural disasters and terrorism, according to the annual survey. Forty-one percent said information security is somewhat or significantly more important than 12 months ago. In contrast, only 15% think it is somewhat or significantly less important.
“Over the last year, this has risen in priority, and there has been a heightened awareness about cybersecurity”, Mohindroo told Infosecurity.
While a majority of respondents suffered damage as a result of cyberattacks, more respondents reported a decline in the number and frequency of attacks compared to 2010; 71% of organizations saw attacks in the past 12 months, compared to 75% in 2010. The percentage who reported an increasing frequency of attacks fell from 29% last year to 21% this year.
In addition, 92% of companies saw losses from cyberattacks in 2011, down from 100% last year. The top three losses were downtime, theft of employees' identity information, and theft of intellectual property. These losses translated into monetary costs 84% of the time, with the top costs being productivity, revenue, lost data, and brand reputation.
The survey found that 20% of small businesses lost at least $100,000 last year due to cyberattacks. That figure was even higher for large enterprises, with 20% incurring $271,000 or more in damages.
The consumerization of IT is presenting new information security challenges to companies. Forty-seven percent of respondents said mobile computing was an information security challenge, followed by social media (46%).
In order to address information security shortfalls, businesses are increasing staffing levels and budgets for the IT department, according to the survey. They are adding the most staff in areas of network, web and endpoint security. Security budgets are also growing in web and network security, as well as data loss prevention.