01:22 PM

Three Out Of Four Say Business Security Has Improved

But people issues and organizational changes resulting from mergers, acquisitions, and outsourcing still pose challenges.

Nearly 30% of IT security pros say they have little or no confidence that their companies detected all data security beaches last year, according to a new survey.

In addition, about 26% of survey respondents rated their current IT environments as more vulnerable than a year ago, according to the study of 100 senior IT and data security professionals by Forsythe Technology Inc., a vendor of IT infrastructure products and services.

Many of the survey respondents blamed increased security vulnerability on organizational changes and "people issues," including mergers and acquisitions and outsourcing, says Pamela Fredericks, Forsythe manager for security advisory services.

"Often, there aren't enough people resources for security tasks or security roles were not well defined," Fredericks says.

Also, when organizational changes occur—such as new outsourcing arrangements, new application deployments, or mergers or acquisitions—there isn't a clear definition of who's responsible for responding to security breaches if they occur, she says.

Meanwhile, 43% of the respondents said policy, process, and procedure issues will consume the most time and effort this year in their organization's IT security programs. Access control and identity management ranked second, with 35% of respondents saying those security issues will consume the most time and effort this year.

The survey's good news was that nearly three-quarters of the respondents said they feel their companies are less vulnerable to security breaches than a year ago.

Among the factors fueling their confidence was their companies' compliance with regulatory demands, such as documenting security controls. "This exercise, which requires an assessment of different security procedures, helps them feel less vulnerable," says Fredericks.

Other reasons respondents cited for feeling less vulnerable also include people issues, including the addition of a security officer, improved awareness and education, and executive support of IT security issues.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of April 19, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.