nCircle 2012 Security and Compliance Trends Survey
nCircle, the leader in security and compliance auditing solutions, recently completed a survey of information security and compliance trends. 547 IT security professionals responded to our online survey between April 19 and May 31, 2012.
"In spite of the rapidly changing threatscape, the top two concerns for security professionals have not really changed much in the last three years," said Elizabeth Ireland, vice president of marketing for nCircle. "Security has become much more visible to management and the general public over the last year, and this is one of the factors driving the slight uptick in security concerns. The corresponding downward trend in compliance concerns is likely the result of a sharper focus on security issues."
"While hacktivist data breaches are very visible and continue to gather a lot of high-profile publicity, security professionals believe that cybercrime poses a much more serious security threat to their organization—and, most organizations do have something worth stealing!"
"An overwhelming majority of security professionals continue to expect the number of data breaches to increase. It's not clear if this expectation is a result of hackers getting better or security getting worse."
"The majority of security professionals continue to believe that cyber security in the U.S. is increasing, but that majority is slowly eroding. This is another area where security professionals are gradually growing more pessimistic."
"Seventy six percent of security professionals believe the security of their own personal data has not improved over the last 24 months. While this represents a slight improvement over the percentage in prior years, it still indicates a striking lack of confidence in current protection levels."
"In spite of HIPAA and HITECH, this is the third straight year of declining confidence in the security of personal health information. It's one more area where security professionals believe data security is inadequate to protect their personal information against growing security threats. Security professionals realize, perhaps more than the average consumer, how difficult it is to recover from a healthcare data breach. If someone steals your credit card number, your credit card company will help cover losses and issue you a new one. However, there is no simple recovery process for lost healthcare data."
"Although cloud adoption is growing, for most organizations it continues to be a minor part of their infrastructure," said David Meltzer, vice president of engineering for nCircle. "Cloud adoption blurs the boundaries around sensitive data storage, making it far more difficult to control and protect. It's extremely easy for anyone to provision cloud resources without involving security or IT. It can be difficult to discover all cloud infrastructure used on enterprise networks because many traditional IT security tools don't adapt easily to cloud environments."
"Many companies comply with several compliance requirements, and managing these environments to meet compliance regulations can be challenging. Security professionals are focused on making sure that regulatory compliance is considered at the beginning of each cloud initiative."