Skokie, Ill. - A survey of more than 100 senior IT and data security professionals at Fortune 1,000 and other major companies across the United States found that 28% percent had little or no confidence that they had detected all significant security breaches in the past year. In addition, 26% rated their current IT environment as more vulnerable than it had been a year before. The survey was released by Forsythe Solutions Group.Respondents cited regulatory pressure as the major catalyst for updating their technology, processes and staff. Legislative guidelines and industry standards demand increased control of and additional funding for security programs. Those experiencing increased vulnerability overwhelmingly attributed this to organizational change, such as mergers or acquisitions, the implementation of new applications or outsourcing.
"The findings of this study are indicative of the security challenges all organizations face today," says Pamela Fredericks, manager of security advisory services for Forsythe Solutions Group. "Although technology plays an irreplaceable role in securing and ensuring privacy for data, the three P's - policy, process and procedure - have now taken center stage. Not only do they ensure that regulatory compliance requirements can be demonstrated to auditors and regulators, but also that the technology solutions being implemented are supported by solid background processes."
In fact, when asked to identify the security program area that will consume the most time and/or effort in the coming year, 43% cited "policy, process and procedure" as the top priority. This response illustrates the influence regulatory compliance is having on security spending.
"Regulations like Sarbanes-Oxley, HIPAA and [Gramm-Leach-Bliley] have stimulated the demand for better security 'policies, processes and procedures,'" continues Fredericks. "I am certain that, had we asked these questions a few years ago, the three P's would have been a low or nonexistent priority."
Source: Forsythe Technology Inc.
