Software // Information Management
News
8/15/2006
02:35 PM
50%
50%

Dashboard: Bucking the Hype, IT Security Losses Decline

Given a general security climate in which vulnerability is climbing and reports of computer crime get more alarming, we have to wonder how it can be that respondents to security surveys keep reporting lower numbers.

The Computer Security Institute released its eleventh annual CSI/FBI Computer Crime and Security Survey in July and respondents said they'd lost less money due to security-related incidents than in the previous year. The average loss per responding company was down nearly 18 percent to $167,713, versus $203,606 in the 2005 survey.

Virus attacks continue to be the biggest source of financial losses, followed by unauthorized access, laptop and mobile hardware theft, and theft of proprietary information (see chart). These top-four categories account for more than 74 percent of all security-related financial losses, according to the study. The 616 U.S.-based CSI member companies responding to this year's survey leaned toward larger organizations, with 51 percent having more than 1,500 employees and 57 percent reporting more than $100 million in revenue.

This is the fifth straight year that average losses have fallen, and the drops have been nothing short of startling in recent years. Given a general security climate in which vulnerability is climbing and reports of computer crime get more and more alarming, one has to wonder how it can be that respondents keep reporting lower and lower numbers.

Gartner, in fact, sent its clients a "First Take" analysis of the survey that focuses on the average loss number and took the position "that security administrators should view the findings of all such surveys with extreme skepticism."

Three weeks later, though, Gartner told attendees of the Gartner IT Security Summit in Sydney, Australia, that companies with mature IT security practices could safely reduce their security budgets to between 3 percent and 4 percent of their overall IT budgets. That advice dovetails with the 53 percent of survey respondents who said their security budgets were 5 percent or less of the overall IT budget.

Just what are those security budgets buying? Consistent with last year's study, firewall technologies and antivirus software topped the list, with 98 percent and 97 percent of respondents, respectively, investing in these options. Anti-spyware software, which was added as a category in this year's study, took the No. 3 spot, used by 79 percent of respondents. Although biometrics ranked 17th in the survey, used by 20 percent of respondents, the one-third increased in reported use over last year's survey is notable.

Asked about crime committed by insiders versus outsiders, the former came out looking less threatening, as nearly one third (32 percent) of respondents said they believe insiders account for none of their organization's cyber losses.

The CSI/BFI Computer Crime and Security Survey can be freely downloaded from the Computer Security Institute's Web site at gocsi.com. --Robert Richardson


[ KEY PERFORMANCE INDICATORS ]
Federal Paperwork Reduction

Despite the Federal Government Paperwork Reduction Act, Americans spent an additional 441 million hours filling out Federal paperwork in 2005, up 5.5 percent over the previous year to reach 8.4 billion hours, according to the Office of Management and Budget. Ironically, 116 million hours were lost to the Can-Spam Act, which was intended to increase productivity.
Video Analytics for Airports

Big Brother may be watching you at the airport. In a $30 million pilot program run by the Department of Homeland Security, analytics are being tested to scrutinize streaming video from selected airport surveillance cameras. The software is intended to detect suspicious activity and alert security personnel. Some observers object to the potential for civil liberties violations.
E-Mail Growth

Despite assertions that it's being displaced by text messaging, e-mail messaging is thriving, according to a study by the Radicati Group. As a result, the e-mail archiving market is expected to grow from $800 million in 2006 to nearly $7.8 billion in 2010. The installed base of wireless e-mail access device users is expected to grow from 14 million in 2006 to 228 million in 2010.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.