Organisations are planning to spend an average of 21% more in 2011 on Risk and Compliance offerings, and a majority of CSOs and other decision-making executives want integrated and automated offerings rather than point products, according to new research by McAfee and Evalueserve.
The research revealed that 41% of organisations are not aware of or protected against IT security risk, and approximately 40% are not completely confident about deploying countermeasure products, thus leaving them at risk.
The Risk and Compliance Outlook: 2011 report said that in regard to regulatory compliance, approximately 75% of respondents are not confident that they will pass a regulatory audit, with more than half of organisations stating that they have already failed an audit.
In addition, 9% of companies indicated that these audit failures resulted in industry or government fines.
The research revealed databases as the biggest infrastructure challenge in terms of complying with regulatory mandates, with 41% of companies indicating they will be investing in Database Activity Monitoring.
The report said that 45% of companies are patching systems every week, and 49% of companies stated that they try to ‘over protect’ by patching everything.
However, 84% of the respondents feel that their business and security operations are impacted due to out-of-cycle patches, and 37% are not confident in knowing which assets need to be patched when a new threat materialises.
McAfee said that 24% of organisations are spending more than $250,000 per annum on auditors, and compliance is perceived as the main budget driver for 25% of IT projects.
More than 40% of organisations get into ‘fire-fight mode’ when a regulatory audit approaches, diverting critical resources away from strategic priorities, and 39% are not confident of being able to translate IT risks into business risks.
56% of organisations in the research indicated that adding ‘Countermeasure-Awareness’ to their risk analysis would provide the biggest benefit, and 60% of the respondents believe that up to 10% of downtime is attributable to unauthorised changes that take place over the entire year.
McAfee risk and compliance senior vice president and general manager Stuart McClure said organisations are under increasing pressure to protect customer information and privacy, and their own sensitive business information, driving the need for a strong focus on risk and compliance management.
"As the results of this study show, companies recognise the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, and the need to improve policy compliance through more automation of IT controls," McClure said.