This week we released the results of our “Database Security Controls” research study, which was run for us by the analyst firm Enterprise Strategy Group (ESG). We sent ESG off to interview global IT decision makers located in North America. They met with 179 companies and asked a set of questions around data and database security. The responses were collected and aggregated for the report. The results are simply astonishing.
A whopping 84% of respondents believed that they have adequate protection in place for sensitive data.
With so many data breaches reported this year, we were surprised to hear that so many folks felt comfortable with the controls they have in place... but if 84% of companies really have adequate data security, we’re all in pretty good shape... Right?
The survey then drilled down into more specific questions. Have you failed an internal audit? Have you failed a compliance audit? Have you experienced a data breach recently? The answers to the specific questions painted a very different picture. More than 50% of the organizations surveyed experienced a data breach in 2008. I repeat, more than 50% experienced a breach this year, while at the same time, 84% claim to have adequate security. Adequate means enough to get the job done... Right?
And it’s not just data breaches.
48% failed internal audits. 42% failed payment card industry audits. 38% of federal agencies surveyed failed FISMA audits. The number of failures presents a huge problem on its own, but couple that with the false sense of security that the IT community has built around its data, and we really have something to worry about. The amount of data at risk is staggering. For those of you who have experienced a data breach this year, or who regularly fail key components of your audits, stop feeling secure. If you haven’t done something drastic to correct the situation, you’re likely a soft target just waiting to be spotted.
There are signs of hope.
There were some real signs of hope within the survey results. 76% of the organizations we spoke with said that they plan to place purchasing priority on database security solutions in 2009. Wait, didn’t 84% say they already had adequate security?? Maybe folks aren’t burying their heads in the sand after all.
Grab a copy of the survey results from our webpage.
