Relentless security threats drive outsourcing trend
Nearly 100 per cent of respondents to the Symantec 'Managed Security in the Enterprise Report 2009' have experienced ‘tangible loss as a result online attacks’ in the last two years – a situation worsened by inadequate budgets, tighter regulatory pressures, and staffing problems. As a result, 61 per cent of US enterprises are moving to adopt managed security services.
Almost half - 46 per cent - of US enterprises report that cyber threats have somewhat/significantly increased in the past two years and are expected to somewhat/significantly increase by 2011. In fact, 88 per cent of those surveyed saw cyber attacks in the past two years with 31 per cent seeing attacks on a regular basis, and 10 per cent seeing a large/extremely large number of attacks.
To put the problem in context, when asked to rank various risks in order of significance to their organisation, those ranking cyber attacks as No. 1 or No. 2 outpaced all other risks by a wide margin (twice as many as natural disasters and traditional crime, and four times as many as terrorism).
These attacks drive significant losses. Nearly all - 98 per cent - experienced some sort of loss, with 46 per cent experiencing downtime, 31 per cent experiencing theft of customer or employee personally-identifiable information, and 25 per cent experiencing theft of corporate data.
Some 49 per cent of those surveyed report that it is getting somewhat/significantly more difficult to provide IT security. Respondents cited a variety of factors, including the increase in threats, inadequate staffing, growing regulatory requirements, and insufficient budgets.
Staffing is especially problematic: 40 per cent of organisations say they are somewhat/significantly understaffed, primarily because of difficulties finding qualified applicants, layoffs, and lack of funds in current economic conditions. Exacerbating the problem is the fact that existing staff skillsets are ‘too narrow’, respondents say, and it is difficult to retain the best security staff.
With the problem outgrowing IT’s ability to provide security internally, it is not a surprise that many (61 per cent) of those surveyed are embracing managed security services to bridge the gap. The reasons cited by IT management include the ability to provide 24x7 coverage, lower overall costs, access to security expertise, and an enhanced ability to mitigate security risks.
Symantec’s ‘Managed Security in the Enterprise Report’ is the result of a survey conducted in January 2009 by Applied Research. The study targeted 1,000 IT and security professionals in mid- to large enterprises, and large public sector institutions located in the United States and five European countries (Germany, UK, France, Italy, and Spain).