More than half – 60 per cent – of IT decision makers feel that not enough time or money is available to develop IT security policies, according to an IT security firm’s survey. As a result, barely half of the companies surveyed feel that they have highly-organised, systematic processes to deal with IT threats. These findings emerge from the recent Global Corporate IT Security Risks 2013 survey by B2B International for Kaspersky Lab in April 2013 among business representatives around the world.
The situation is especially poor in the educational sector, where only 28 per cent of organisations are confident that they have sufficient investment in IT security policies. What is even more critical, only 34 per cent of the government and defence organisations surveyed all around the world, claim that they have enough time and resources to develop IT security policies.
Even a single measure, such as, implementing IT security policies for mobile devices, could significantly reduce the risks posed by smartphones and tablets in a corporate IT environment, according to Kaspersky Lab. They say that the survey suggests that almost half have no such policies. Even where mobile security policies have been implemented, resources are still inadequate: around half complain that budget increases are insufficient, while 16 per cent complained there is no extra funding made available.
Bring Your Own Device is described by the IT firm as a major technology-related concept, which has already seen significant evolution. Its influence on security will only increase in the future. Most companies already recognise BYOD as one of the main threats to data security. However, only a relatively small proportion of companies are currently prepared to respond to this threat with well-designed and effective mobile device security policies and dedicated solutions to protect and manage these devices.
According to the survey 91 per cent of companies surveyed have at least one external IT security incident, and 85 per cent reported internal incidents in the past 12 months. Such incidents can cause real financial and reputational damage. These losses can significantly exceed the cost of putting in place IT security tools which would help to avoid leaks of important data, downtime and other unplanned expenses. This is why it is extremely important to invest in the security of the corporate IT infrastructure.
Also according to the survey, a serious incident costs large companies an average of £418,000; for small and medium-sized companies the bill typically comes to about £32,000. A successful targeted attack can cost a company more than £1.5m in direct financial losses and extra costs. The most common measure aimed at preventing future IT-security incidents was deploying additional software and hardware solutions to protect the IT inrastructure – on average, 59pc of companies turned to these measures. Additionally, large corporations invested considerable amounts of money into hiring new staff to maintain IT security and into training existing employees in methods of incident prevention.
David Emm, senior security researcher at Kaspersky Lab says: “Lots of organisations don’t realise these risks. A quarter of companies still regard security issues as things that happen to others – although more and more are starting to realise they are a real life problem for any business. Another problem is that 28 per cent of companies mistakenly think that the costs of guarding against cybercrime are greater than the potential losses.”
For more visit – http://media.kaspersky.com/en/business-security/Kaspersky_Global_IT_Security_Risks_Survey_report_Eng_final.pdf
