Nearly 30% of IT security pros say they have little or no confidence that their companies detected all data security beaches last year, according to a new survey.
In addition, about 26% of survey respondents rated their current IT environments as more vulnerable than a year ago, according to the study of 100 senior IT and data security professionals by Forsythe Technology Inc., a vendor of IT infrastructure products and services.
Many of the survey respondents blamed increased security vulnerability on organizational changes and "people issues," including mergers and acquisitions and outsourcing, says Pamela Fredericks, Forsythe manager for security advisory services.
"Often, there aren't enough people resources for security tasks or security roles were not well defined," Fredericks says.
Also, when organizational changes occur—such as new outsourcing arrangements, new application deployments, or mergers or acquisitions—there isn't a clear definition of who's responsible for responding to security breaches if they occur, she says.
Meanwhile, 43% of the respondents said policy, process, and procedure issues will consume the most time and effort this year in their organization's IT security programs. Access control and identity management ranked second, with 35% of respondents saying those security issues will consume the most time and effort this year.
The survey's good news was that nearly three-quarters of the respondents said they feel their companies are less vulnerable to security breaches than a year ago.
Among the factors fueling their confidence was their companies' compliance with regulatory demands, such as documenting security controls. "This exercise, which requires an assessment of different security procedures, helps them feel less vulnerable," says Fredericks.
Other reasons respondents cited for feeling less vulnerable also include people issues, including the addition of a security officer, improved awareness and education, and executive support of IT security issues.