InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved Executive Summary Enterprises outsource everything from server hosting to application development. Why not security? Look for this year to mark the start of a new era in information security, where organizations that can afford to build sophisticated analysis teams -- able to incorporate device context into security events data in a high-volume information steam -- do so, and those that can't hire specialized providers. "Managing the complexity of security" reclaimed the No. 1 spot among 10 challenges facing the 536 respondents to our InformationWeek 2014 Strategic Security Survey, all from organizations with 100 or more employees. More stats: >> 58% see an infected personal device connecting to the corporate network as a top endpoint security concern, making it the No. 1 response, ahead of phishing and lost devices. >> 56% say cyber-criminals pose the greatest threat to their organizations this year, the top answer, ahead of authorized users and employees at 49%. >> 31% conduct their own audits of cloud providers. >> 23% have experienced a security breach or espionage in the past year. Respondent breakdown: 41% have 5,000 or more employees; 30% are over 10,000. Government, financial services, and education are well-represented. Want more? Visit InformationWeek Reports v © 2014 Property of UBM Tech; All Rights Reserved Biggest challenges: managing complexity, enforcing policies © 2014 Property of UBM Tech; All Rights Reserved Vulnerability is largely unchanged © 2014 Property of UBM Tech; All Rights Reserved Most feel threats are getting more sophisticated © 2014 Property of UBM Tech; All Rights Reserved Most have not experienced security breach © 2014 Property of UBM Tech; All Rights Reserved Most common breach: Malware © 2014 Property of UBM Tech; All Rights Reserved Network/business apps most common victims © 2014 Property of UBM Tech; All Rights Reserved Top breach/espionage threats: Cyber-criminals, employees © 2014 Property of UBM Tech; All Rights Reserved Most use firewalls, email security tools © 2014 Property of UBM Tech; All Rights Reserved Firewalls considered most valuable © 2014 Property of UBM Tech; All Rights Reserved Most require strong passwords © 2014 Property of UBM Tech; All Rights Reserved Strong passwords, training valued most © 2014 Property of UBM Tech; All Rights Reserved Best way to manage vulnerabilities © 2014 Property of UBM Tech; All Rights Reserved Best way to achieve regulatory compliance © 2014 Property of UBM Tech; All Rights Reserved Who sets security policy? © 2014 Property of UBM Tech; All Rights Reserved Security budget © 2014 Property of UBM Tech; All Rights Reserved Security spending relatively consistent © 2014 Property of UBM Tech; All Rights Reserved How valuable are security investments? © 2014 Property of UBM Tech; All Rights Reserved Half consider mobile a minor security threat © 2014 Property of UBM Tech; All Rights Reserved MDM software used? © 2014 Property of UBM Tech; All Rights Reserved Top endpoint security concern: personal devices © 2014 Property of UBM Tech; All Rights Reserved Top cloud concerns: leaks, defects © 2014 Property of UBM Tech; All Rights Reserved Who does cloud risk assessments? © 2014 Property of UBM Tech; All Rights Reserved Who has SIEM systems? © 2014 Property of UBM Tech; All Rights Reserved Who has big data security analytics system? © 2014 Property of UBM Tech; All Rights Reserved Top security analytics: Hadoop © 2014 Property of UBM Tech; All Rights Reserved Big data analytics focus on endpoint, web activity © 2014 Property of UBM Tech; All Rights Reserved Who gets big data security info? © 2014 Property of UBM Tech; All Rights Reserved Most have security operations team © 2014 Property of UBM Tech; All Rights Reserved Who has insurance policy? © 2014 Property of UBM Tech; All Rights Reserved How is insurance need determined? © 2014 Property of UBM Tech; All Rights Reserved Most have not been directly targeted © 2014 Property of UBM Tech; All Rights Reserved Subscribe to threat service? © 2014 Property of UBM Tech; All Rights Reserved Security staffing © 2014 Property of UBM Tech; All Rights Reserved Security skills shortage: little change expected © 2014 Property of UBM Tech; All Rights Reserved Respondents’ job titles © 2014 Property of UBM Tech; All Rights Reserved Industries represented © 2014 Property of UBM Tech; All Rights Reserved Respondents’ company revenues © 2014 Property of UBM Tech; All Rights Reserved Respondents’ company sizes © 2014 Property of UBM Tech; All Rights Reserved Research Synopsis Survey Name InformationWeek 2014 Strategic Security Survey Survey Date April 2014 Region North America Number of Respondents 536 at organizations with 100 or more employees urpose To comprehensively assess the current state of security programs, where organizations are focusing their P security efforts, and how IT is adapting to current threats and trends. Methodology InformationWeek surveyed business technology decision-makers at North American organizations with 100 or more employees. The survey was conducted online, and respondents were recruited via an email invitation containing an embedded link to the survey. The email invitation was sent to qualified InformationWeek and Dark Reading subscribers. Want more? Visit InformationWeek Reports © 2014 Property of UBM Tech; All Rights Reserved