Study: Security Breaches Afflict Most Enterprises, Governments

Eight-four percent of enterprises and government agencies reported some type of security breaches in the last year, according to a new survey by Computer Associates International.

In the past year, 84 percent of enterprises, as well as state and local governments, reported some type of security breaches, according to a new survey released by Computer Associates International.

The survey also found that security breaches have increased 17 percent in the last three years, according to the survey released by the Islandia, N.Y., IT management software company on July 5.

The survey, conducted by The Strategic Counsel, questioned 642 enterprises and government agencies between January and May 2006. The companies had average annual revenues of $1.4 billion and IT budgets of $22 million.

Those enterprises and government agencies surveyed reported that when a security breach happened, 54 percent lost productivity, 20 percent reported lost revenue and 25 percent claimed to have suffered some sort of public backlash with either a lost of reputation or trust with customers.

When an enterprise or agency did find a security problem, 38 percent reported that the breach was internal.

The CA survey also found that many enterprises do not take the problem seriously enough. Only one percent of those surveyed thought IT security spending was too high, while 38 percent said it was much too low.

"These survey results demonstrate that even though organizations are investing in security technologies, they still arent achieving the results they seek," Toby Weiss, senior vice president and general manager of CAs Security Management Business Unit, said in a statement.

/zimages/1/28571.gifLaw enforcement, private companies team to fight ID theft. Click here to read more.

"Clearly, more work needs to be done in terms of both improved security management itself and better education of business users about the importance of IT security best practices."

Even with such findings, enterprises and government agencies did report that more was being done to address security concerns.

The three most important solutions were documenting security policies, creating educational policies for employees and establishing CIO positions.

More than 75 percent of the enterprises and agencies questioned reported that their organizations were moving toward IAM (identity and access management) to improve security and reduce costs.

The survey did not include any federal government agencies.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.