Report: 41 Percent of Organizations Not Protected Against IT Security Risks

McAfee Inc. has announced new research that found 41 percent of organizations are not well aware of or protected against IT security risks. An additional 40 percent are not completely confident they can effectively deploy countermeasure products, thus leaving them at risk. The report, Risk and Compliance Outlook: 2011, commissioned by McAfee and conducted by Evalueserve, found that to address these concerns, nearly half of all companies plan to spend an average of 21 percent more in 2011 on risk and compliance solutions. Overall, the survey indicated strong growth for risk and compliance products in 2011, with the majority of CSO’s and other decision-making executives demanding integrated and automated solutions rather than point products.

In regards to regulatory compliance, a large proportion, 75 percent of respondents, are not confident that they will pass a regulatory audit, with more than half of organizations stating that they have already failed an audit. Some 9 percent of companies indicated that these audit failures resulted in industry or government fines. Databases also ranked as the biggest infrastructure challenge in terms of complying with regulatory mandates.

Key findings from the study include:

  • 41 percent of companies indicate they will be investing in database activity monitoring.
  • 45 percent of companies are patching systems every week.
  • 49 percent of companies stated that they try to over-protect by patching everything.
  • 84 percent of the respondents believe that their business and security operations are effected by out-of-cycle patches.
  • 37 percent are not confident in knowing which assets need to be patched when a new threat materializes.
  • 24 percent of organizations are spending more than $250,000 annually on auditors.
  • Compliance is perceived as the main budget driver for 25 percent of IT projects.
  • More than 40 percent of organizations get into “firefight mode” when a regulatory audit approaches, diverting critical resources away from strategic priorities.
  • 39 percent are not confident of being able to translate IT risks into business risks.
  • 56 percent of organizations indicated adding countermeasure awareness to their risk analysis would provide the biggest benefit.
  • 60 percent of the respondents believe that up to 10 percent of downtime is attributable to unauthorized changes that take place over the entire year.

“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management,” said Stuart McClure, senior vice president and general manager of risk and compliance for McAfee. “As the results of this study show, companies recognize the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls.”


Featured

  • Deploying in a Hybrid, Cloud Environment

    The way organizations manage access control is evolving. Traditional on-premises systems come with high IT and server requirements. At the same time, fully cloud-based solutions may not meet the needs of every facility. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

  • Facing Facts for Facilities

    Despite the proliferation of constantly evolving security solutions, there remains a troubling trend among many facility operators who often neglect the most important security assets within their organization. Keys and shared devices like radios, laptops and tablets are crucial to successful operations, yet many operators are managing them haphazardly through outdated storage systems like pegboards and notebooks. Read Now

  • Report Reveals Security Training Reduces Global Phishing Click Rates by 86%

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today launched its “Phishing by Industry Benchmarking Report 2025” which measures an organization’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization’s overall susceptibility to phishing threats. This year’s report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).COVER 2025-PIB-NA-Report_EN-US Read Now

  • TSA Begins REAL ID Full Enforcement Today

    Today, the Transportation Security Administration (TSA) announced the imminent implementation of its REAL ID enforcement measures at TSA checkpoints nationwide. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.