Businesses Security Breaches Rising

More than 84 percent of North American enterprises have had their security breached within the past year, according to a recent survey.

Breaches grew by 17 percent over the past three years and the number of incidents continues to rise, according to results announced Wednesday by CA, formerly Computer Associates.

Security incidents caused 54 percent of organizations to lose productivity, according to the survey, conducted from January through May 2006, by The Strategic Counsel. Twenty-five percent said they were publicly embarrassed or suffered a loss of confidence and damage to reputation; and 20 percent reported loss of revenue, customers or other tangible assets. Thirty-eight percent of the organizations reporting security incidents said the breaches were internal.

CA said the survey of 642 large North American organizations, with revenues averaging $1.4 billion, shows that groups do not take security seriously enough, especially in financial services. Nearly 40 percent of respondents said their organizations do not consider risk management seriously at all levels, while 37 percent said they lack proper spending levels. Only 1 percent said security spending is too high.

"These survey results demonstrate that even though organizations are investing in security technologies, they still aren't achieving the results they seek," Toby Weiss, senior vice president and general manager of CA's Security Management Business Unit, said in a prepared statement. "Clearly, more work needs to be done in terms of both improved security management itself and better education of business users about the importance of IT security best practices."The survey also found that 6 percent of the organizations could provide new employees or contractors with access to applications or systems they require on their first day of work.

Many organizations reported attempts to improve security. Eighty-eight percent said they were documenting security policies; 83 percent said they were creating security education policies for employees; and 68 percent said they were adding a chief information security officer.

More than 75 percent reported that they have implemented some type of identity and access management technology. Another 18 percent reported plans to use or extend an identity and access management solution over the next 12 to 18 months.

The organizations surveyed have IT budgets averaging $22 million a year and cover vast business territory, including manufacturing, government, financial services, retail, communications, pharmaceuticals, and oil and gas. The survey had a margin of error from +/- 2.6 to +/-3.8, with a 95 percent confidence level.