91% of companies have experienced at least one IT security event from an external source in the last 12 months.
This is just one of the results of the 'Global IT Security Risks' survey conducted by Kaspersky Lab in partnership with global research and business intelligence consultancy B2B International.
More than 1,300 IT professionals in 11 countries participated in the survey.
The most common security threat comes in the form of viruses, spyware and other malicious programmes. 31% of malware attacks resulted in some form of data loss, with 10% of companies reporting the loss of sensitive business data.
The second most frequent event is network intrusion: 44% of companies surveyed experienced a security issue related to vulnerabilities in existing software. 18% of the organisations also reported intentional leaks or data being shared by staff. Loss of sensitive data occurred in almost half of these cases.
B2B International Director Oliver Truman, in charge of the study, says:
“We found that only 70% of companies have implemented anti-malware protection solutions fully across their businesses, with 3% having no protection at all. The level of anti-malware implementation varies from country to country: in emerging markets 65% of companies have adopted it, while in the UK and US levels of implementation stood at 92% and 82% respectively.” Despite this, the vast majority of companies still experienced an IT security breach in the last 12 months, and almost a third lost business information.
“Almost half of all organisations see cyber-threats as one of the top-three emerging risks – IT strategy is ranked even higher than financial, marketing and human resources strategy,” explained Alexander Erofeev, Director of Market Intelligence & Insight at Kaspersky Lab. “The most likely explanation is underinvestment in IT security.” Currently, the average investment in IT security is reported to be $8,055 for small businesses, $83,200 for medium-sized companies and $3,263,476 for large corporations. Almost half of the companies surveyed (45%) evaluated their IT security budget as insufficient.
The 'Global IT Security Risks' survey discovered other concerns, among them a cautiousness towards new media. Given the fact that knowledge about IT security threats among end users is lacking, companies restrict their activities in some way.
Thus, 57% of organisations agreed that use of social media by employees introduces significant risks and 53% have banned these kinds of services for end users. File sharing is the most restricted activity, followed by social networking, online gaming and website access. Restrictions are most frequently applied in larger corporations.
The security of mobile devices is another issue for businesses. 55% of the companies reported that they are much more concerned about this subject than they were a year ago.
In fact, around a third of the workforce has been “mobile” for some time already; however, only 36% of companies have a fully implemented policy to deal with security off-site.
Emerging new technologies such as cloud-based services are evaluated as a possible new source of security risks. 42% of companies are occasionally reluctant to adopt new technologies because of the risks involved.
Software-as-a-Service (SaaS), being part of the new 'cloud' trend, is considered to be an opportunity in terms of security by 38% of the companies.
Organisations see this as a possible way to effectively 'outsource' security issues to the service vendor.
“Our research came up with practical recommendations such as: choose a security solution that fits your business; invest in employee education; ensure effective anti-malware protection for all endpoints, including mobile devices; set up a centralised management system for all endpoint devices; and protect end user communication instead of merely restricting it.”
About B2B International
About Kaspersky Lab