September 2006 Security Survey: Security Breaches Strike One in Three Companies

Allan Alter Avatar

Updated on:

The first set of results from our latest annual Security Survey provides an update from the war zone that is IT security. There’s plenty of bad news: over half of companies over $1 billion report security breaches in the past 12 months, and 45 percent have been targeted by organized criminals. Penetration by spyware and viruses remain problems, but they’re not the only ones: nearly half of all companies that have had security breaches say equipment containing company data has been lost or stolen. Many other organizations besides the Veterans Administration and Fidelity Investments have lost laptops containing sensitive personal data.

What’s behind these unhappy numbers? We asked respondents to name their top three internal security concerns, and which technologies are seen as the top three security threats. Careless, risky employee behavior, lack of awareness and management resistance still have CIOs worried, while vulnerabilities in Microsoft software top the list of technical threats. In fact, 30 percent say their company has moved some systems off Windows to reduce security risk.

We’ll be releasing more findings from the survey each Wednesday this month; see below for the full schedule.

For more data and analysis, see CIO Insight ‘s Research Center blog at go.cioinsight.com/researchcentral

Next page: Employee negligence and Microsoft vulnerabilities are considered the most significant IT-security risks.