Compliance Is Still a Worry, but Security Is Now a Top Concern

IT security teams have made protecting business data their top priority but do not spend enough time communicating with executives, finds two surveys.

Network breaches have become the top concern for security professionals, replacing worries over a company's compliance with federal and industry regulations, according to two surveys released in the past week.

A survey of 272 security managers and network engineers, titled "What Keeps IT Pros Up at Night" found that 34 percent of respondents worry most about the possibility of a breach, while 31 percent of those polled are concerned with failing an IT-security audit. To improve security, about 20 percent of IT security professionals said they plan to implement the SANS Critical Security Controls in the next 12 to 24 months.

"For the first time, we are seeing security as the dominant concern that is keeping them awake, versus compliance," said Vijay Basani, CEO of EiQ Networks, which conducted the study. "It is a nice thing to see, because for a very long time, security professionals were all about compliance, compliance, compliance."

Data breaches have become commonplace  in the last few years, with massive breaches of companies such as LinkedIn and the South Carolina Department of Revenue. The cost of data breaches can be cut by 25 percent if the victim has invested strongly in security management, according to a Ponemon Institute report released earlier this year.

A troubling trend, however, is that two-thirds of respondents reported that their security teams do not have enough staff to do their jobs. In addition, more than one-third of IT professionals rarely or never meet with business executives to better understand the impact that security can have on the business, the survey found.

"This will be a problem going forward, unless IT security and business people communicate about the issues facing the business," Basani said.

In attempting to comply with regulations, the two largest concerns are the ability to measure and report on IT issues that affect compliance and the automation of IT security controls. A quarter of respondents to the study said they do not know how long it will take to identify the root cause of a breach.

Almost all companies are worried about their customers' perceptions of their security, according to a study released this week by technology firm Unisys. The survey found that 91 percent of business and technology professionals said they worry about a breach undermining their customers' faith in their ability to secure data.

"Business and technology decision makers are seeing threats from all directions and are looking for new ways to protect their organizations and their clients," Steve Vinsik, vice president of global security solutions at Unisys, said in a statement.

Wireless infrastructure and network defenses are considered the most vulnerable to attacks; 74 percent and 72 percent of respondents, respectively, said they are concerned with those potential entry points.