Kaspersky: Global Corporate IT Security Risks 2013 survey

85% of organizations worldwide experienced an internal information security incident last year, some of which led to sensitive data loss, according to the Global Corporate IT Security Risks 2013 survey carried out by the B2B International research agency and Kaspersky Lab. The survey found that the three most common types of internal threats are: vulnerabilities or flaws in existing software, accidental leaks of data due to human error, and the loss or theft of mobile devices.

Most companies around the globe understand the importance of IT security preventive measures and implement them to varying degrees. In order to minimize internal security risks, half of the organizations surveyed have network structures that, for example, separate mission-critical networks from other networks and 52% use different levels of access privilege to IT systems.

However, many companies admit that existing measures are insufficient and some are increasingly implementing new security solutions which could enforce policies and provide additional protection from data loss. For instance, less than half the companies surveyed use application control, device control or an anti-malware agent for mobile devices. Even fewer organizations have implemented a Mobile Device Management solution (24%) or encryption on removable devices (33%).

Another problem is that employees do not always comply with existing corporate security policies, and less than half of companies (46%) have clearly outlined sanctions and disciplinary procedures for when IT security policies are breached. Meanwhile, just under half (48%) of the companies polled feel that security policies actually bring any value to the staff.

EY: Global Information Security Survey 2013

Organizations must be prepared to combat, manage and mitigate cyber attacks that can occur anytime, anywhere, says EY.

EY’s 16th annual global information security survey explores the actions organizations have taken to address current threats, how leading organizations are preparing for cyber risks that may be on the horizon, and how new technologies and an innovative approach can help organizations proactively prepare for the future.

EY found three levels of response to cyber risk in an environment where cyber attacks are numerous, constant and increasingly complex:

  • Improve — What organizations are doing to address the current threats and the challenges that still exist
  • Expand — Steps leading organizations are taking to address new threats more proactively
  • Innovate — Solutions organizations need to address new and upcoming technologies

EY’s Global Information Security Survey 2013 report can be downloaded here.