Symantec 2010 State of Enterprise Security Study
News Release
Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective Attacks on Worldwide Business
75 percent of organisations have suffered a cyber attack, losing an average of USD$2 million annually
Symantec Corp. (Nasdaq: SYMC)
today released the findings of its global 2010 State of
Enterprise Security study. The study found that 42
percent of organisations globally and 43 percent in
Australia and New Zealand (ANZ) rate security as their top
issue. This isn’t a surprise, considering that 75 percent
of organisations globally and 89 percent in ANZ experienced
cyber attacks in the past 12 months. These attacks cost
enterprise businesses an average of US$2 million per year.
Finally, organisations reported that enterprise security is
becoming more difficult due to understaffing, new IT
initiatives that intensify security issues, and IT compliance
issues. The study is based on surveys of 2,100 enterprise
CIOs, CISOs and IT managers from 27 countries (including 125
Australian and 75 New Zealand organisations) in January
2010.
“Protecting information today is more challenging than ever,” said Francis deSouza, senior vice president, Enterprise Security, Symantec Corp. “By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today’s information-driven world.”
Study Highlights:
• Security is of great concern to
global enterprises. Forty-two percent of enterprises
globally and 43 percent in ANZ rank cyber risk as their top
concern, more than natural disasters, terrorism, and
traditional crime combined. Reflecting that perception, IT
is intently focused on enterprise security. On average, IT
assigns 120 staffers to security and IT compliance.
Enterprises rated “better manage business risk of IT” as
a top goal for 2010, and 84 percent globally (91 percent in
ANZ) rated it absolutely/somewhat important. Nearly all the
enterprises surveyed (94 percent globally and 100 percent in
ANZ) forecasted changes to security in 2010, with almost
half (48 percent globally and 58 percent in ANZ) expecting
major changes.
• Enterprises are experiencing frequent
attacks. In the past 12 months, 75 percent of enterprises
globally and 89 percent in ANZ experienced cyber attacks,
and 36 percent globally and 34 percent in ANZ rated the
attacks somewhat/highly effective. Worse, 29 percent of
enterprises globally and 34 percent in ANZ reported attacks
have increased in the last 12 months.
• Every
enterprise (100 percent) experienced cyber losses in 2009.
The top three reported losses globally were theft of
intellectual property, theft of customer credit card
information or other financial information, and theft of
customer personally identifiable information. In ANZ, the
top three reported losses were theft of corporate data at 53
percent; theft of customer personally identifiable
information at 53 percent and identity theft at 37 percent.
These losses translated to monetary costs 92 percent of the
time. Globally, the top three costs were productivity,
revenue, and loss of customer trust; in ANZ, they were loss
of data (49 percent), damage to brand (37 percent), and lost
revenue (31 percent). Enterprises reported spending an average
of USD$2 million annually to combat cyber attacks.
• Enterprise security is becoming more difficult due
to a number of factors. First, enterprise security is
understaffed, with the most impacted areas being web
security (52 percent in ANZ); network security (49 percent
in ANZ); messaging security (49 percent in ANZ);
vulnerability assessment and intrusion detection (49 percent
in ANZ); data loss prevention (46 percent in ANZ); and
endpoint security (43 percent in ANZ). Second, enterprises
are embarking on new initiatives that make providing
security more difficult. Initiatives that IT rated as most
problematic from a security standpoint include
infrastructure-as-a-service, platform-as-a-service, server
virtualisation, endpoint virtualisation, and
software-as-a-service. Finally, IT compliance is also a
huge undertaking. The typical enterprise is exploring 19
separate IT standards or frameworks and is currently
employing eight of them. Some of the top standards include
ISO, HIPAA, Sarbanes-Oxley, CIS, PCI, Cobit, and
ITIL.
“Abu Dhabi Commercial Bank is a good example of an organisation that has put an effective security strategy into place with an emphasis on addressing issues proactively,” continued deSouza. “The company has a complete solution set of products and services that provide 24-hour protection, threat monitoring and response, all for a fixed annual cost. This approach is more cost-effective than securing a network after it has been compromised.”
Recommendations
• Organisations
need to protect their infrastructure by securing their
endpoints, messaging and web environments. In addition,
defending critical internal servers and implementing the
ability to back up and recover data should be priorities.
Organisations also need the visibility and security
intelligence to respond to threats rapidly.
• IT
administrators need to protect information proactively by
taking an information-centric approach to protect both
information and interactions. Taking a content-aware
approach to protecting information is key in knowing where
sensitive information resides, who has access, and how it is
coming in or leaving your organisation.
• Organisations need to develop and enforce IT
policies and automate their compliance processes. By
prioritising risks and defining policies that span across
all locations, customers can enforce policies through
built-in automation and workflow and not only identify
threats but remediate incidents as they occur or anticipate
them before they happen.
• Organisations need to manage
systems by implementing secure operating environments,
distributing and enforcing patch levels, automating
processes to streamline efficiency, and monitoring and
reporting on system status.
Resources
• Find additional materials in the 2010 Symantec State of Enterprise Security Study Online Press Kit
• Watch the 2010 Symantec State of Enterprise Security Study Video on YouTube
• View the 2010 Symantec State of Enterprise Security Study (PDF)
• Access the 2010 Symantec State of Enterprise Security Study presentation on Slideshare.net
About Business Solutions from Symantec
Symantec helps
organisations secure and manage their information-driven
world with IT Compliance, discovery and retention management, data loss prevention, and messaging security solutions.
About Symantec
Symantec is a global leader in providing
security, storage and systems management solutions to help
consumers and organisations secure and manage their
information-driven world. Our software and services protect
against more risks at more points, more completely and
efficiently, enabling confidence wherever information is
used or stored. More information is available at www.symantec.com
ENDS