Risk Assessment: Security Fears Strong

Tuesday, March 1, 2011 @ 04:03 PM gHale

With the idea security issues remain a hot topic and a priority for companies across the globe, 41 percent of organizations are not well aware of or protected against IT security risks, according to McAfee.

On top of that, another 40 percent are not completely confident they can accurately deploy countermeasures leaving them at risk.

To deal with these concerns, nearly half of all companies plan to spend an average of 21 percent more in 2011 on risk and compliance solutions, according to McAfee. Overall, the survey indicated strong growth for risk and compliance products in 2011 with a large demand for integrated and automated solutions rather than point products.

Regarding regulatory compliance, the vast majority, 75 percent of respondents, are not confident they will pass a regulatory audit, with more than half of organizations stating they have already failed an audit. Nine percent of companies indicated these audit failures resulted in industry or government fines. Databases also ranked as the biggest infrastructure challenge in terms of complying with regulatory mandates.

Additional findings:
• 41% of companies indicating they will be investing in database activity monitoring
• 45% of companies are patching systems every week
• 49% of companies stated they try to ‘over protect’ by patching everything
• 84% of the respondents feel their business and security operations feel the impact due to out-of-cycle patches
• 37% are not confident in knowing which assets need patching when a new threat materializes
• 24% of organizations are spending more than $250,000 annually on auditors
• Compliance is the main budget driver for 25 percent of IT projects
• More than 40 percent of organizations get into “fire-fight mode” when a regulatory audit approaches, diverting critical resources away from strategic priorities
• 39% are not confident of being able to translate IT risks into business risks
• 56% of organizations indicated adding “Countermeasure-Awareness” to their risk analysis would provide the biggest benefit
• 60% of the respondents believe up to 10% of downtime is attributable to unauthorized changes that take place over the entire year.

“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management,” said Stuart McClure, senior vice president and general manager of risk and compliance for McAfee.

“As the results of this study show, companies recognize the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls.”

Leave a Reply

You must be logged in to post a comment.