EiQ Networks conducted a survey on information security priorities and challenges and the result gave us an answer we were expecting, but maybe this opens your eyes even more. Based on responses from 168 IT decision makers across industries, results point to lack of confidence in their security technologies and lack of the people, processes to implement it.
Here is a passage from HelpNet Security:
“Lack of process was a top concern with 62% of IT pros noting they have either “no process” or a “partial process” in place to detect and respond to a security incident. Moreover, only 15% of companies surveyed believe their employees are “well prepared” to spot the signs of an attack and react accordingly.
72% of respondents stated that their IT infrastructure is “not well protected” and is vulnerable to APTs. However, 52% of companies surveyed say they have made it a “priority” to re-think their infrastructure to keep pace with APTs.
The survey found that companies are using a variety of security technologies such as Traditional Firewall (86%); Anti-virus software (71%); IDS/IPS technologies (59%); Log management (58%); SIEM (44%).
Despite these technology deployments, only 27% of IT decision makers report they are truly “confident” that these technologies will work against a cyber-threat. 58% report they are “somewhat confident” in these technologies to effectively mitigate risk of security incidents and that they are still seeking alternatives.
Company and brand reputation more at risk than financials:
68% of companies surveyed said their “reputation” is more at stake than their financials
19% said they could withstand a “small financial hit” while 13% said a cyber-attack would “devastate us financially”.