Despite Threats, Security Awareness Lags

Despite highly publicized security breaches this year such as Code Red, a surprising number of organizations are not planning to increase security spending over the next 18 months, a recent survey says.

According to a report released Tuesday by Jupiter Media Metrix Inc. in New York, more than 46 percent of security budgets will shrink or remain at last years level. And though 53 percent will increase their security budgets in some fashion, of those surveyed, only 6.4 percent of respondents said spending on security will grow more than 50 percent from last year.

The study is based on a survey of 471 high-level IT managers including chief information officers and chief technology officers at organizations with revenues of $50 million or more.

Jupiter attributes the decreases in security spending to a lack of awareness of the threats that are out there. Forty percent of U.S. companies with a Web presence are concerned with the loss of customer trust and confidence in the event of a security breach. But, the survey found, only 12.1 percent cite direct financial loss as a concern.

And while 29 percent of Web site managers and CIOs rate their risk of attack as “low,” nearly a third of these managers classify their data sensitivity as “high.”

Those IT managers could be in for a surprise. This year, the 2001 Computer Crime and Security Survey by the Computer Security Institute and the Federal Bureau of Investigation found that various cybercrimes accounted for $378 million in losses among the 186 companies that were able to quantify their damages in 2001. The theft of proprietary information alone cost the 186 companies $151 million in 2000.

“There is a fundamental lack of understanding out there when it comes to the gravity of security breaches,” said David Schatsky, an analyst at Jupiter Media Metrix, in a release.