Survey Says Managing Complexity Of Security Is Top Challenge For Organizations Across The Globe

  • Jul 17, 2007

Managing the complexity of security continues to be the number one challenge for organizations around the globe, followed closely by preventing security breaches, enforcing security policies and spreading user awareness. These challenges have prompted plans for a significant increase in security spending in the coming year, according to a 2007 survey by Accenture and CMP Technology's InformationWeek.

The 10th annual survey of nearly 3,000 IT professionals from the United States and China also revealed that the security challenges, plans and priorities of Chinese companies are aligning more closely with U.S. organizations. Chinese companies are taking a more sophisticated approach to their security posture -- in fact, they expect to spend an average of 19 percent of their IT budgets on security, compared to 12 percent for U.S. organizations.

Survey highlights and trends include:

  • Security spending is expected to grow significantly this year. Thirty- nine percent of the respondents in the U.S. and 55 percent of the respondents in China expect security spending to increase this year compared with 2006.
  • IT professionals in China perceive themselves to be more vulnerable than their counterparts in the United States. Fifty-eight percent of respondents in China feel their organization is more vulnerable to malicious code attacks and security breaches than a year ago, versus 16 percent of respondents in the United States. Vulnerability is attributed to increased sophistication of such threats as SQL injection, more ways to attack corporate networks, including wireless, and an increased volume of attacks.
  • Assessing security risk and then modifying plans and budgets accordingly is problematic across the board. More than 20 percent of U.S. companies and nearly a quarter of Chinese companies do not regularly assess security risk and threats. Of those who do regularly assess risk, only 34 percent of U.S. companies and 39 percent of Chinese companies use the information strategically to drive budgets and planning.
  • Measuring the value of security is difficult. Forty-three percent of U.S. companies measure value in terms of fewer worker hours spent on security-related issues. Twenty-four percent of respondents do not even attempt to measure the value of security investments.

"Organizations in the U.S. and China are spending more on information security yet it seems they are uncertain why," said Dr. Alastair MacWillson, managing director of Accenture's Security Practice. "Without fully understanding risk and its strategic impact and without systematically measuring value it is difficult to recognize how security can enable high performance."

Threat Response and Risk Management

  • Top ranking tactical security priorities for both the U.S. and China in the coming year include installing better access controls, securing remote access and installing monitoring software.
  • Consistent across geographies, viruses and worms pose the biggest security threat. Over the past year, 68 percent of Chinese companies and 49 percent of U.S. companies suffered from computer viruses, followed by 55 percent and 35 percent, respectively, from worms. As a result, 65 percent of U.S. respondents and 75 percent of Chinese respondents said dealing with viruses and worms are a top priority, followed by spyware or malware and then spam.
  • The primary methods of attack differ across geographies. Over the past year, U.S. and Chinese companies both suffered when known operating- system vulnerabilities (43 percent and 66 percent, respectively) and known application vulnerabilities (24 percent and 41 percent, respectively) were exploited. In China, however, companies also suffered from exploited access control (38 percent) and database vulnerabilities (30 percent), attacks that were not as prevalent for U.S. organizations (18 percent and 7 percent, respectively).
  • In both regions, companies suspected computer hackers, malicious coders and unauthorized users to be responsible for breaches or espionage in the past year.
  • Chinese companies have fallen victim to public data breaches five times more often than U.S. companies. Thirty-two percent of Chinese companies suffered from a publicized data breach or data loss over the past year, compared with only six percent of U.S. companies.

Compliance and Data Privacy

  • Over the past 12 months, respondents in both the United States and China said improved storage management and improved document management have been beneficial to achieving regulatory compliance. In the United States, improved infrastructure security was also considered helpful, and in China, classified e-mail content has been beneficial.
  • The United States more aggressively monitors employee activities, with more than half monitoring e-mail use, compared with 34 percent of Chinese companies. In the United States, 40 percent of respondents monitor web-site use, compared with a quarter of their Chinese counterparts. Thirty-five percent of U.S. companies monitor phone usage versus 22 percent of Chinese respondents. Instant message monitoring is nearly even across the United States and Chinese with 29 percent and 30 percent, respectively.

Security Responsibility

  • C-level responsibility for security budget and policy differ across regions. CEOs and presidents hold the purse strings for security spending for 53 percent of U.S. companies, while the majority of security policies are made by CIOs and directors of information services/IT. In China, the majority of security spending is determined by CFOs and finance directors, with policies set by CEOs and presidents. In both regions, the majority of Chief Information Security Officers or equivalent, report directly to the CEO.
  • Sixty-two percent of companies in China are attempting to integrate physical and IT security, compared to 36 percent of companies in the U.S.

Security Vendors and Outsourcing

  • Price is the dominant factor in security product or service selection in both the United States and China. Sixty-four percent of U.S. respondents and 48 percent of Chinese respondents said price was the most important determinant in selecting security products and services, followed closely by the overall technical strength of the product.
  • Chinese companies are more likely to use a managed security provider for security functions, with 36 percent currently using managed security providers and 31 percent planning to, versus only 13 percent and seven percent, respectively, of U.S. companies.
  • The majority of companies in the United States expect to spend the same amount on security outsourcing this year compared with 2006, while the majority of companies in China expect to increase spending on security outsourcing. Sixty-six percent of U.S. companies expect security outsourcing to remain the same this year compared to last year and 27 percent plan to spend more. In China, 51 percent of companies plan to spend more and 45 percent expect to spend the same amount on security outsourcing in 2007.

Featured

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

Most   Popular

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities