Study: More Than 84 Percent of North American Enterprises Suffered Security Breach in the Last Year

July 6, 2006
A new security study of 642 large North American organizations shows that more than 84 percent suffered some type of security incident over the past 12 months and that there was a 17 percent increase in incidents over the past 3 years.

The study, sponsored by CA, an information technology (IT) management software company, found that as a result of security breaches, 54 percent of organizations reported lost workforce productivity; 25 percent reported public embarrassment, loss of trust/confidence and damage to reputation; and 20 percent reported losses in revenue, customers or other tangible assets. Of the organizations that experienced a security breach, 38 percent suffered an internal breach of security.

In addition, the findings indicate that security isn't being taken seriously enough at all levels of an organization, especially in the financial service industry. Nearly 40 percent of respondents indicated that their organizations don't take IT security risk management seriously at all levels, while 37 percent believe their organization's security spending is too low. Only 1 percent believe it is too high.

Despite these findings, the survey revealed that organizations are taking steps to improve security. The three most important cited security steps were documenting security policies (88 percent), creating security education policies for employees (83 percent) and creating a chief information security officer position (68 percent) within the organization.

The survey also found that a lack of centralized security administration is affecting employee productivity. Only 6 percent of the organizations were able to provide new employees or contractors with access to all the applications or systems they require on their first day of work.

"These survey results demonstrate that even though organizations are investing in security technologies, they still aren't achieving the results they seek," said Toby Weiss, senior vice president and general manager of CA's Security Management Business Unit. "Clearly, more work needs to be done in terms of both improved security management itself and better education of business users about the importance of IT security best practices."

The survey also found that organizations are turning towards identity and access management (IAM) technology to improve security, enable regulatory compliance and reduce costs. More than 75 percent of the organizations surveyed have implemented some form of IAM functionality and are continuing with IAM investments, with an additional 18 percent planning to begin rolling out an IAM solution or extend their IAM deployments over the next 12-18 months.

About the Author

Sandy Smith

Sandy Smith is the former content director of EHS Today, and is currently the EHSQ content & community lead at Intelex Technologies Inc. She has written about occupational safety and health and environmental issues since 1990.

Sponsored Recommendations

What is the key difference between OSHAS 18001 vs. ISO 45001

March 13, 2025
Learn about the main differences between OHSAS 18001 and ISO 45001, and how ISO 45001 takes a proactive approach to prevent work-related incidents. Find out why businesses should...

Ensuring a Safer Workplace through a Comprehensive Contractor Qualification Framework

March 13, 2025
Avetta is a leader in contractor management, and with over 15 years of industry experience, we can help you establish a robust contractor pre-qualification program that aligns...

EQT Private Equity to Acquire Avetta from WCAS

March 13, 2025
EQT commits to supporting Avetta in its ongoing growth and innovation journey.

Guide to OSHA Workplace Lighting Requirements

March 13, 2025
Learn OSHA workplace lighting requirements to enhance safety, productivity, and quality. Discover standards, compliance benefits, and risks of non-compliance.

Voice your opinion!

To join the conversation, and become an exclusive member of EHS Today, create an account today!