Feeds

Go-ahead US companies fail to prioritise security

Fast expanding firms exposed to rising risks

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Nearly half of America's fastest growing companies suffered an information security breach over the last two years, despite beefed-up precautions since the 9/11 terrorist attacks.

Most (83 per cent) of victims experienced monetary loss and nearly one in four (24 per cent) network downtime as a result of security breaches, according to a survey by management consultancy PricewaterhouseCoopers (PwC) out this week. Other effects included intellectual property theft (two per cent), identity theft (two per cent) and fraud (one per cent).

Exactly 90 per cent of penetrated companies were victims of computer viruses or worms.

Other vulnerabilities included denial of service (13 per cent of companies); manipulated systems programs (five per cent); manipulated software applications (five per cent) and mobile/wireless application intrusion (two per cent).

Computer hackers were cited as the means of penetration by 61 per cent of the victims, with unauthorised users and employees suspected by seven per cent.

Two-thirds of the 402 CEOs of privately-held product 'trendsetter' companies interviewed by PwC report that information security is important to their company's near-term profitable growth. Fifteen per cent of those surveyed are planning IT security budget increases this year, however PwC reports that "relatively few have identified information security priorities for the next 12 months".

Security risks up but spending flat

On average, fast growth companies expect to spend 1.9 per cent of their operational budget this year on information security, about the same as they did in 2002 (1.8 per cent).

Many companies have boosted their security precautions since 9/11. Even though terrorism risks have, in our opinion, little to do with information security this extra spending ought to leave company IT systems better protected.

Since 9/11, 46 per cent of the surveyed companies increased spending to protect IT systems and data. Just over a third (38 per cent) have created or updated disaster recovery plans while 31 per cent have increased spending to protect intellectual property. A quarter (24 per cent) have increased spending to protect physical property. Meanwhile, 24 per cent have introduced extra screening checks for employees and 18 per cent have expanded employee identification programs.

Not good enough, according to PwC.

"Unless more attention is given to information security budgets and priorities, many of these fast growth companies could be placing themselves at risk," said Mark Lobel, senior manager of security and privacy services at PricewaterhouseCoopers. "This situation may be like replacing your windshield wipers—you're wise to change them on a sunny day, to be prepared for a rainy one." ®

Related Stories

US cyber crime losses tumble
UK SMEs are sitting ducks for crackers
Hi-tech crime threatens UK plc - survey
Warning: virus terrorism stories may contain nuts

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.