Industry Article - Dec 03 Issue
Budgeting Trends for Information Security
By PricewaterhouseCoopers
Forty-six percent of the nation's fastest growing companies have suffered a recent breach of their information security, despite beefed-up precautions since 9/11. In most cases, these businesses were victims of computer viruses or worms, with hackers and e-mail the suspected door openers. As a result, 83 percent of victims experienced monetary loss; and nearly one in four, network downtime. What lessons have been learned from this experience? Two-thirds report that information security is important to their company's near-term profitable growth—and 15 percent are planning budget increases for it this year. Relatively few have identified information security priorities for the next 12 months.
Steps Taken Since 9/11
Many fast-growth CEOs have taken added precautions since September 11, 2001 to protect against terrorism or other threats to their company's information security:
Increased spending to protect IT systems and data: 46%
Created or updated business continuity/disaster recovery plans: 38%
Increased spending to protect intellectual property: 31%
Increased spending to protect physical property: 24%
Improved employee background screening: 24%
Introduced or expanded employee identification: 18%
Hired more security guards or services: 5%
Created position of chief security/information officer: 5%
"As corporate technology becomes increasingly advanced, information security becomes all the more critical," said Mark Lobel, Senior Manager—Security and Privacy Services, for PricewaterhouseCoopers. "But it would appear that many surveyed CEOs have only scratched the surface, with relatively light adoption of many of the alternatives available to them."
Vulnerabilities
Despite any precautions, 46 percent of "Trendsetter" companies have suffered a breach of information security or business espionage over the past 12-24 months:
Types of Breaches
Ninety percent of penetrated companies were victims of computer viruses or worms—with some suffering breaches from other sources, as well. Other vulnerabilities included telecom/unauthorized entry, noted by 17 percent; denial of service by 13 percent; manipulated systems programs by five percent; manipulated software applications by five percent; and mobile/wireless application intrusion by two percent.
Sources
Computer hackers were cited as the means of penetration by 61 percent of the victims, followed by e-mail, 27 percent. Unauthorized users and employees were suspected by seven percent; former employees by three percent; and competitors by two percent.
Effects
Most of the victimized companies (24 percent) suffered network downtime, or unavailable business applications (12 percent). Other effects included financial losses (ten percent), lost or damaged internal records (seven percent), lost or damaged customer records (four percent), intellectual property theft (two percent), identity theft (two percent), and fraud (one percent).
Total Value of Loss
Eighty-three percent of victims reported at least some monetary loss—including five percent incurring high cost, five percent with moderate cost, and 73 percent with low cost. Only 11 percent had no monetary loss, and six percent were uncertain or did not report.
Downtime
Time losses averaged 1.33 days over the past 12 months.
"To stem sophisticated adversaries, companies need a continually updated defense," said Lobel. "The price of being unprepared or under-prepared amounted to a loss of hard dollars for eight in ten companies surveyed—and the lost time equivalent of more than an extra vacation or sick day for each and every employee in a penetrated company."