One in five IT pros don't believe in security

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.itp.net/597378-one-in-five-it-pros-dont-believe-in-security#.UznRHqhX-uY

One in five IT professionals believe that IT security is an unnecessary
expense, according to a survey conducted by SAP security consultancy
Turnkey Consulting.

The survey found that 17.5% of those surveyed thought that IT security was
an unnecessary expense only undertaken to keep auditors happy. This
proportion had increased from 12.2% since the last time the study was
conducted in 2012. Only 37.5% believe that it was essential business
practice that can deliver ROI.

Forty percent of survey respondents also said that security was regarded
solely as an IT issue within their organisation, while 57.5% saw security
as everyone's responsibility.

The poor perception of IT security was in spite of over two-thirds of
respondents (71.8%) saying that their organisation faced increased risks
from external threats.

The survey, 'A Risk Perspective on 2014' also found that 38.2% of
respondents had experienced a fraud incident in 2013, up from 31.3% in
2012.  In addition, in the past year, 30% had experienced a data loss that
affected business operations, up from 17.1% in 2012.

"Corporate SAP systems are accessed from an increasing number of
touchpoints, both inside and outside the organisation as employees adopt
mobile working, and enterprises look to enhance third party relationships
with suppliers and customers," said Richard Hunt, managing director of
Turnkey Consulting. "Although this streamlines business processes, it
increases the risk to the enterprise, as reflected by the key findings of
this year's survey. An end-to-end approach to security is required to fully
secure the organisation's systems and data, so it is concerning to see that
IT security is still not perceived to be an integral part of the business."

The survey was conducted between November 2013 and March 2014, and sampled
55 SAP software users involved in security and controls activities.

The study also found that organisations will increase security spending in
parallel with investment in new technologies or strategies. Thirty-nine
percent of organisations planning to invest in big data projects said they
would invest in additional security; 48.7% would increase security
investment while investing in mobile solutions and 40% of those who will
invest in cloud will also increase security spending. In addition, 67.5% of
those surveyed were making plans for additional security around outsourcing.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!