The Global State of Information Security 2006

Page 3 of 3

Installing a firewall is easy. If a significant number of respondents haven’t even done that much, it shouldn’t be surprising that many more are struggling with the hard stuff. It’s hard to quantify attacks and what’s lost because of them. First, just understanding what constitutes an incident can be confusing. "Is having spyware on your computer an incident?" Sony’s Spaltro asks. "Some may not think so, but we treat it as such." Second, the ability to track, record, correlate and communicate up the executive chain is lacking in most organizations. For the fourth consecutive year, there was an increase in the percentage of respondents throwing their hands up and saying they have no idea how much money their companies lost due to attacks. It’s now up to 50 percent.

Finance chart

"How do you calculate the loss of intellectual property or the damage to a corporate reputation?" Lobel asks. "Very smart people have a hard time agreeing on the value."

But until the security department can put a credible dollar figure on what the company is losing because of poor security, the boardroom isn’t going to listen to security executives asking for more money to spend on technology or on skilled security workers (cited as the top resources needed to improve security). The CEO wants to know how security affects shareholder value. But answering that would require a strategic overview and, as we have already seen, security professionals, by and large, don’t have one. At least, not this year.


Copyright © 2006 IDG Communications, Inc.
