A recent study by B2B International has revealed the extent to which companies believe they do not have the necessary resources to successfully implement IT security policies, and the financial implications of dealing with IT security threats.
In April 2013, B2B International carried out the Global Corporate IT Security Risks 2013 survey for Kaspersky Lab, aiming to explore how businesses are dealing with their IT security policies. The results show that IT security is critically underfinanced, which can have severe consequences for businesses of all sizes.
IT Security Policies
The survey revealed that 60% of IT decision makers feel they do not have enough time or money to develop IT security policies. Also, barely half of the companies surveyed feel they have highly-organised, systematic processes in place to deal with IT threats.
In the education industry, only 28% of organisations feel they have sufficient investment in IT security policies, while for government and defense organisations, only 34% feel they have the time and resources to develop IT security policies. This means the remaining 67% are in constant danger of losing confidential governmental information.
Regarding mobile security, even a single measure, such as implementing IT security policies for mobile devices, could significantly reduce the risks posed by smartphones and tablets in corporate IT environments. However, almost half of those surveyed do not have such policies. Even when mobile security policies are in place, around half complained that budget increases are insufficient, and 16% complained there is no extra funding available.
IT Security Incidents
The costs of dealing with IT security incidents can be massive, especially for large companies who are specifically targeted by IT threats.
The survey revealed 91% of companies have suffered at least one external IT security incident, while 85% suffered internal incidents in the past 12 months.
IT security incidents can cause real financial and reputational damage for companies, with a serious incident costing an average of £418,000 for large companies and £32,000 for small and medium sized companies. Meanwhile, a successful targeted attack can cost a company more than £1.5m in direct financial losses and additional costs.