Presentation on theme: "Symantec 2004 Pulse of IT Security in Canada Volume II Survey shows Increases in Concern and Spending for IT Security Andrew Bisson Director, Planning."— Presentation transcript:
Symantec 2004 Pulse of IT Security in Canada Volume II Survey shows Increases in Concern and Spending for IT Security Andrew Bisson Director, Planning and Market Analysis Branham Group May 11, 2004
Survey Objective/Scope Survey Results Importance of IT Security Risk of Attack Disclosing a Security Breach Resolving a Security Breach IT Virus Infections Managing IT Security Monitoring for IT Security Breaches Investment in IT Security Summary Agenda
Survey Objective/Scope Objective: Gauge the awareness, priority and understanding of IT Security in Canada Target Audience: Senior IT Executives from Canadian Financial Post 800 Companies and Leading Canadian Universities & Colleges Timeframe: February - March 2004 Total Respondents: 150 VP IT/IS: 99 CIO: 27 CTO: 3 CFO: 13 CSO: 8
Concern for IT Security is on the Rise! Survey Results ALL respondents identified IT Security as an area of importance 65.5% ranked security amongst top 5 corporate priorities 55.4% of respondents from FP800 Companies are more concerned about IT Security then they were 12 months ago (3.57% Less, 41.1% Unchanged) Importance of IT Security
2004 Top 3 IT Security Concerns: Unauthorized Access by Insiders Viruses Identity Theft Importance of IT Security Survey Results 2003 Top 3 IT Security Concerns: Hackers Unauthorized Access Viruses
Survey Results Risk of Attack Risk of Attack was rated low Today: weighted average of 4.10 (10 being the highest risk and 1 being the lowest) Consistent with 2003 result of 4.12 In 12 Months: weighted average of 4.18 Top 3 Drivers for attention to IT Security: Data/Information Protection Lost Revenue Negative Publicity
Survey Results Disclosing a Security Breach 39.3% claimed they would admit to a security breach while 35.7% would not Consistent with 2003 results: 41.3% would admit to a breach vs. 37.3% who would not 79.5% of those that would admit to a breach have been a target (unauthorized access, viruses, etc.). Only 19.4% admitted to being a target in 2003!
Survey Results Disclosing a Security Breach Top 3 Security Breaches: SPAM, Unauthorized Access by Insiders, Denial of Service Attacks
Survey Results Resolving a Security Breach Top 3 Departments Involved in Resolving a Breach: Information Technology (IT); Human Resources; Legal Top 3 Costs of Resolving a Security Breach: 67%: $0-$10K; 17%: $10K-$50K; 11%: $50K-$100K
Survey Results IT Virus Infections Top 3 Categories for Frequency of Virus Infections: Quarterly: 24.5% Never: 23.5% Yearly: 19.6% Perceived Threats Lost Revenue Lost Employee Productivity
Survey Results Managing IT Security 86.5% of FP800 respondents have implemented an IT Security Policy The majority of IT Security Issues are dealt with internally
Survey Results Monitoring for IT Security Breaches 64.5% of respondents claim that 100% of their network is being monitored for intrusions (11.8% dont monitor at all) 62.8% of respondents claim to review their Firewall logs for inappropriate activity Daily (22.5% weekly) 89.8% of respondents claim to monitor their critical application servers for non-authorized access/use 27.3% of respondents claim to run vulnerability assessment scans of their networks and critical services annually (19.3% quarterly, 18.2% monthly, 15.9% weekly, 11.3% daily) 37.4% of respondents claim to run penetration testing on their infrastructure annually (23.1% quarterly, 13.2% never) 80.6% of respondents claim to have a formal procedure to manage vulnerabilities and implement patches 69.4% of respondents claim to have developed an incident response plan that would be initiated should a security breach occur.
Survey Results Investment in IT Security IT Security Spend rose in 2004 and is expected to continue to rise going into 2005 On average 7.6% of the IT Budget for FP800 Companies is dedicated to IT Security
Summary Canadas leading IT executives are more concerned about IT Security then they were a year ago, however few see their organizations as being a significant risk of attack IT attacks are on the rise, however IT executives continue to be reluctant in disclosing breaches Concerns for Identity Theft are on the rise Denial of Service Attacks are on the rise Investment in IT Security Training is on the rise A majority of FP800 respondents have implemented an IT Security Policy IT Security Investments continue to rise, albeit at a slower pace…
Contact Andrew Bisson Director, Planning and Market Analysis Tel: (613) 745-2282 ext 17 E-mail: firstname.lastname@example.org www.branhamgroup.com