Report: 41 Percent of Organizations Not Protected Against IT Security Risks

McAfee Inc. has announced new research that found 41 percent of organizations are not well aware of or protected against IT security risks. An additional 40 percent are not completely confident they can effectively deploy countermeasure products, thus leaving them at risk. The report, Risk and Compliance Outlook: 2011, commissioned by McAfee and conducted by Evalueserve, found that to address these concerns, nearly half of all companies plan to spend an average of 21 percent more in 2011 on risk and compliance solutions. Overall, the survey indicated strong growth for risk and compliance products in 2011, with the majority of CSO’s and other decision-making executives demanding integrated and automated solutions rather than point products.

In regards to regulatory compliance, a large proportion, 75 percent of respondents, are not confident that they will pass a regulatory audit, with more than half of organizations stating that they have already failed an audit. Some 9 percent of companies indicated that these audit failures resulted in industry or government fines. Databases also ranked as the biggest infrastructure challenge in terms of complying with regulatory mandates.

Key findings from the study include:

  • 41 percent of companies indicate they will be investing in database activity monitoring.
  • 45 percent of companies are patching systems every week.
  • 49 percent of companies stated that they try to over-protect by patching everything.
  • 84 percent of the respondents believe that their business and security operations are effected by out-of-cycle patches.
  • 37 percent are not confident in knowing which assets need to be patched when a new threat materializes.
  • 24 percent of organizations are spending more than $250,000 annually on auditors.
  • Compliance is perceived as the main budget driver for 25 percent of IT projects.
  • More than 40 percent of organizations get into “firefight mode” when a regulatory audit approaches, diverting critical resources away from strategic priorities.
  • 39 percent are not confident of being able to translate IT risks into business risks.
  • 56 percent of organizations indicated adding countermeasure awareness to their risk analysis would provide the biggest benefit.
  • 60 percent of the respondents believe that up to 10 percent of downtime is attributable to unauthorized changes that take place over the entire year.

“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management,” said Stuart McClure, senior vice president and general manager of risk and compliance for McAfee. “As the results of this study show, companies recognize the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls.”


  • Fresh Security Perspective from AMAG’s New Sales Director A Fresh Perspective on Security

    Fred Nelson may be new to the security industry but his sales and leadership methods are time tested, and true. Fred joined AMAG only a few months ago, but brings with him a wealth of experience in sales and life balance solutions. This year is off to a good start for AMAG with new solutions on the horizon.

Digital Edition

  • Security Today Magazine - April 2022

    April 2022

    Featuring:

    • Similarities at Data Centers and Airports
    • Transitioning to the Cloud
    • Going High Tech
    • The Benefits of On-site Security
    • Optimizing Store Layouts

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety