Three-quarters of organisations have experienced cyber attacks in the past 12 months, costing enterprise businesses an average of $2m per year, according to a new survey from security firm Symantec.
The study, based on survey of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010. Organisations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues.
According to the study, 42% of enterprises rank cyber risk as their top concern, more than natural disasters, terrorism, and traditional crime combined. Nearly all the enterprises surveyed (94%) forecast changes to security in 2010, with almost half (48%) expecting major changes.
The firm said that the top three reported losses were theft of intellectual property, theft of customer credit card information or other financial information, and theft of customer personally identifiable information. Enterprise security is becoming more difficult due to various factors such as understaffed, with the most impacted areas being network security (44%), endpoint security (44%), and messaging security (39%).
In addition, enterprises are looking on new initiatives that make providing security more difficult. Initiatives that IT rated as most problematic from a security standpoint include infrastructure-as-a-service, platform-as-a service, server virtualisation, endpoint virtualisation, and software-as-a-service. IT compliance is also a huge undertaking with typical enterprise exploring 19 separate IT standards or frameworks and are currently employing eight of them.
The security firm said that organizations need to protect their infrastructure by securing their endpoints, messaging and web environments, defending critical internal servers as well as implementing the ability to back up and recover data.
Francis deSouza, senior vice president of enterprise security at Symantec, said: “Protecting information today is more challenging than ever. By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today’s information-driven world.”