eCrime Survey 2011

Cautiously comfortable, but not complacent...

At the end of 2010 The Corporate IT Forum's Information Security Service conducted its annual survey to understand and measure the trends and changes businesses are experiencing with eCrime, malware and the threat landscape.  42 respondents from over 20 organisations answered questions on increasing levels of malware, breaches and threats experienced.  This survey also looked at organisations' experiences with reporting external and the impact of eCrime to the business.  Contributing organisations represent an annual IT spend of £4.72 billion and employ over 600,000 people.

Overall the findings show a positive landscape of corporate IT dealing with eCrime, this can be down to a rigorous approach, continued good practice and ongoing vigilance.  Some headline findings include:

• eCrime Attacks against Corporate Britain under control:The Forum's previous eCrime Reality Checker discovered that eCrime against corporate Britain was on the rise - by almost 70% compared with 2007. In contrast, the results from this latest survey indicate that this increase has practically halted with the majority of respondents experiencing no increase
• External and Internal Threats Mitigated: eCrime is as much about the danger from within as the danger from without. Although the number of attacks reported is higher respondents view these as having a minor impact or having been mitigated successfully.
• Breaches are contained: Respondents indicate that, as a whole, security breaches can and do occur across all breach categories, but are very largely contained or mitigated successfully.
• No change in attack levels: Increase in attacks is slight, if at all, with the majority of respondents experiencing no increase.
• Secure policies in place: 100% of respondents have a Formal IT and /or Information Security Policy encompassing acceptable usage of corporate ICT equipment.
• 'Build in not bolt on': This 'security first' ethos illustrates the importance of security considerations in the 'security aware' organisation of today.
• One third are not looking up at the clouds: Access rights, data protection, security governance as well as assurance over suppliers are the biggest perceived threats of moving to Cloud computing.
• Approaches in place: All responding organisations believe they are adopting, or have in place, an approach to security that enables them to respond to the current and future threat landscape - 'cautiously comfortable, but not complacent'.