Title: Symantec 2004 Pulse of IT Security in Canada Volume II
1Symantec 2004 Pulse of IT Security in Canada
Volume II
- Survey shows Increases in Concern and Spending
for IT Security
Andrew Bisson Director, Planning and Market
Analysis Branham Group May 11, 2004
2Agenda
- Survey Objective/Scope
- Survey Results
- Importance of IT Security
- Risk of Attack
- Disclosing a Security Breach
- Resolving a Security Breach
- IT Virus Infections
- Managing IT Security
- Monitoring for IT Security Breaches
- Investment in IT Security
- Summary
3Survey Objective/Scope
- Objective Gauge the awareness, priority and
understanding of IT Security in Canada - Target Audience Senior IT Executives from
Canadian Financial Post 800 Companies and Leading
Canadian Universities Colleges - Timeframe February - March 2004
- Total Respondents 150
- VP IT/IS 99
- CIO 27
- CTO 3
- CFO 13
- CSO 8
4Survey Results
Importance of IT Security
- ALL respondents identified IT Security as an area
of importance - 65.5 ranked security amongst top 5 corporate
priorities - 55.4 of respondents from FP800 Companies are
more concerned about IT Security then they were
12 months ago (3.57 Less, 41.1 Unchanged)
Concern for IT Security is on the Rise!
5Survey Results
Importance of IT Security
- 2004 Top 3 IT Security Concerns
- Unauthorized Access by Insiders
- Viruses
- Identity Theft
- 2003 Top 3 IT Security Concerns
- Hackers
- Unauthorized Access
- Viruses
6Survey Results
Risk of Attack
- Risk of Attack was rated low
- Today weighted average of 4.10 (10 being the
highest risk and 1 being the lowest) - Consistent with 2003 result of 4.12
- In 12 Months weighted average of 4.18
- Top 3 Drivers for attention to IT Security
- Data/Information Protection
- Lost Revenue
- Negative Publicity
7Survey Results
Disclosing a Security Breach
- 39.3 claimed they would admit to a security
breach while 35.7 would not - Consistent with 2003 results 41.3 would admit
to a breach vs. 37.3 who would not - 79.5 of those that would admit to a breach have
been a target (unauthorized access, viruses,
etc.). - Only 19.4 admitted to being a target in 2003!
8Survey Results
Disclosing a Security Breach
- Top 3 Security Breaches SPAM, Unauthorized
Access by Insiders, Denial of Service Attacks
9Survey Results
Resolving a Security Breach
- Top 3 Departments Involved in Resolving a
Breach - Information Technology (IT) Human Resources
Legal - Top 3 Costs of Resolving a Security Breach
- 67 0-10K 17 10K-50K 11 50K-100K
10Survey Results
IT Virus Infections
- Top 3 Categories for Frequency of Virus
Infections - Quarterly 24.5
- Never 23.5
- Yearly 19.6
- Perceived Threats
- Lost Revenue
- Lost Employee Productivity
11Survey Results
Managing IT Security
- 86.5 of FP800 respondents have implemented an IT
Security Policy - The majority of IT Security Issues are dealt with
internally
12Survey Results
Monitoring for IT Security Breaches
- 64.5 of respondents claim that 100 of their
network is being monitored for intrusions (11.8
dont monitor at all) - 62.8 of respondents claim to review their
Firewall logs for inappropriate activity Daily
(22.5 weekly) - 89.8 of respondents claim to monitor their
critical application servers for non-authorized
access/use - 27.3 of respondents claim to run vulnerability
assessment scans of their networks and critical
services annually (19.3 quarterly, 18.2
monthly, 15.9 weekly, 11.3 daily) - 37.4 of respondents claim to run penetration
testing on their infrastructure annually (23.1
quarterly, 13.2 never) - 80.6 of respondents claim to have a formal
procedure to manage vulnerabilities and implement
patches - 69.4 of respondents claim to have developed an
incident response plan that would be initiated
should a security breach occur.
13Survey Results
Investment in IT Security
- IT Security Spend rose in 2004 and is expected to
continue to rise going into 2005 - On average 7.6 of the IT Budget for FP800
Companies is dedicated to IT Security
14Survey Results
Investment in IT Security
15Summary
- Canadas leading IT executives are more concerned
about IT Security then they were a year ago,
however few see their organizations as being a
significant risk of attack - IT attacks are on the rise, however IT executives
continue to be reluctant in disclosing breaches - Concerns for Identity Theft are on the rise
- Denial of Service Attacks are on the rise
- Investment in IT Security Training is on the rise
- A majority of FP800 respondents have implemented
an IT Security Policy
- IT Security Investments continue to rise, albeit
at a slower pace
16Contact
Andrew Bisson Director, Planning and Market
Analysis Tel (613) 745-2282 ext 17 E-mail
abisson_at_branhamgroup.com www.branhamgroup.com