Research: 2012 Strategic Security Survey

May 01, 2012


2012 Strategic Security Survey: Pick The Right Battles 

More than 900 IT and security professionals responded to InformationWeek’s 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility and software development.

On the mobile device front, a full quarter of respondents say smartphones and tablets represent a significant threat to security. Loss or theft is IT’s greatest concern when it comes to mobile devices, a result unchanged from 2011.

It’s clear from our survey that organizations today take cloud security much more seriously than in the past. The percentage of respondents who conduct their own risk assessments of cloud providers jumped to 29% this year, from 18% in 2011. Even better news is that the percentage of companies that don’t bother with a risk assessment dropped by almost half compared to 2011. 

The report drills into data on secure software development. This is an important component of a risk management practice because flaws and defects in software can be exploited by attackers. One recommendation is for organizations to invest in a secure software development life cycle. Only a third of our 946 respondents do so. That’s a number that needs to grow. For those that do use a secure SDLC, 33% rate it to be very effective.

This year’s report also delves into why you should pay more attention to access controls, the importance of user education, the benefits of collecting and analyzing security metrics, and the usefulness (or lack thereof) of cyber-breach insurance. (R4670512)

Survey Name InformationWeek 2012 Strategic Security Survey
Survey Date March 2012
Region North America
Number of Respondents 946 at organizations with 100 or more employees
Purpose To comprehensively assess the current state of security programs, where organizations are focusing their security efforts, and how IT is adapting to current threats and trends.
Methodology InformationWeek surveyed business technology decision-makers at North American
organizations with 100 or more employees. The survey was conducted online, and respondents were recruited via an email invitation containing an embedded link to the survey. The email invitation was sent to qualified InformationWeek and Dark Reading subscribers.

Research Report