Compliance Is Still a Worry, but Security Is Now a Top Concern
IT security teams have made protecting business data their top priority but do not spend enough time communicating with executives, finds two surveys.Network breaches have become the top concern for security professionals, replacing worries over a company's compliance with federal and industry regulations, according to two surveys released in the past week. A survey of 272 security managers and network engineers, titled "What Keeps IT Pros Up at Night" found that 34 percent of respondents worry most about the possibility of a breach, while 31 percent of those polled are concerned with failing an IT-security audit. To improve security, about 20 percent of IT security professionals said they plan to implement the SANS Critical Security Controls in the next 12 to 24 months. "For the first time, we are seeing security as the dominant concern that is keeping them awake, versus compliance," said Vijay Basani, CEO of EiQ Networks, which conducted the study. "It is a nice thing to see, because for a very long time, security professionals were all about compliance, compliance, compliance." Data breaches have become commonplace in the last few years, with massive breaches of companies such as LinkedIn and the South Carolina Department of Revenue. The cost of data breaches can be cut by 25 percent if the victim has invested strongly in security management, according to a Ponemon Institute report released earlier this year.
A troubling trend, however, is that two-thirds of respondents reported that their security teams do not have enough staff to do their jobs. In addition, more than one-third of IT professionals rarely or never meet with business executives to better understand the impact that security can have on the business, the survey found.