InformationWeek 2014 Strategic Security Survey

InformationWeek 2014 Strategic
Security Survey
Research Findings
© 2014 Property of UBM Tech; All Rights Reserved
Executive Summary
Enterprises outsource everything from server hosting to application development. Why not security? Look for this year

to mark the start of a new era in information security, where organizations that can afford to build sophisticated analysis
teams -- able to incorporate device context into security events data in a high-volume information steam -- do so, and
those that can't hire specialized providers.
"Managing the complexity of security" reclaimed the No. 1 spot among 10 challenges facing the 536 respondents to our
InformationWeek 2014 Strategic Security Survey, all from organizations with 100 or more employees. More stats:
>> 58% see an infected personal device connecting to the corporate network as a top endpoint security concern,
making it the No. 1 response, ahead of phishing and lost devices.
>> 56% say cyber-criminals pose the greatest threat to their organizations this year, the top answer, ahead of
authorized users and employees at 49%.
>> 31% conduct their own audits of cloud providers.
>> 23% have experienced a security breach or espionage in the past year.
Respondent breakdown: 41% have 5,000 or more employees; 30% are over 10,000. Government, financial services,
and education are well-represented.
Want more? Visit InformationWeek Reports
v
© 2014 Property of UBM Tech; All Rights Reserved
Biggest challenges: managing complexity, enforcing policies
© 2014 Property of UBM Tech; All Rights Reserved
Vulnerability is largely unchanged
© 2014 Property of UBM Tech; All Rights Reserved
Most feel threats are getting more sophisticated
© 2014 Property of UBM Tech; All Rights Reserved
Most have not experienced security breach
© 2014 Property of UBM Tech; All Rights Reserved
Most common breach: Malware
© 2014 Property of UBM Tech; All Rights Reserved
Network/business apps most common victims
© 2014 Property of UBM Tech; All Rights Reserved
Top breach/espionage threats: Cyber-criminals, employees
© 2014 Property of UBM Tech; All Rights Reserved
Most use firewalls, email security tools
© 2014 Property of UBM Tech; All Rights Reserved
Firewalls considered most valuable
© 2014 Property of UBM Tech; All Rights Reserved
Most require strong passwords
© 2014 Property of UBM Tech; All Rights Reserved
Strong passwords, training valued most
© 2014 Property of UBM Tech; All Rights Reserved
Best way to manage vulnerabilities
© 2014 Property of UBM Tech; All Rights Reserved
Best way to achieve regulatory compliance
© 2014 Property of UBM Tech; All Rights Reserved
Who sets security policy?
© 2014 Property of UBM Tech; All Rights Reserved
Security budget
© 2014 Property of UBM Tech; All Rights Reserved
Security spending relatively consistent
© 2014 Property of UBM Tech; All Rights Reserved
How valuable are security investments?
© 2014 Property of UBM Tech; All Rights Reserved
Half consider mobile a minor security threat
© 2014 Property of UBM Tech; All Rights Reserved
MDM software used?
© 2014 Property of UBM Tech; All Rights Reserved
Top endpoint security concern: personal devices
© 2014 Property of UBM Tech; All Rights Reserved
Top cloud concerns: leaks, defects
© 2014 Property of UBM Tech; All Rights Reserved
Who does cloud risk assessments?
© 2014 Property of UBM Tech; All Rights Reserved
Who has SIEM systems?
© 2014 Property of UBM Tech; All Rights Reserved
Who has big data security analytics system?
© 2014 Property of UBM Tech; All Rights Reserved
Top security analytics: Hadoop
© 2014 Property of UBM Tech; All Rights Reserved
Big data analytics focus on endpoint, web activity
© 2014 Property of UBM Tech; All Rights Reserved
Who gets big data security info?
© 2014 Property of UBM Tech; All Rights Reserved
Most have security operations team
© 2014 Property of UBM Tech; All Rights Reserved
Who has insurance policy?
© 2014 Property of UBM Tech; All Rights Reserved
How is insurance need determined?
© 2014 Property of UBM Tech; All Rights Reserved
Most have not been directly targeted
© 2014 Property of UBM Tech; All Rights Reserved
Subscribe to threat service?
© 2014 Property of UBM Tech; All Rights Reserved
Security staffing
© 2014 Property of UBM Tech; All Rights Reserved
Security skills shortage: little change expected
© 2014 Property of UBM Tech; All Rights Reserved
Respondents’ job titles
© 2014 Property of UBM Tech; All Rights Reserved
Industries represented
© 2014 Property of UBM Tech; All Rights Reserved
Respondents’ company revenues
© 2014 Property of UBM Tech; All Rights Reserved
Respondents’ company sizes
© 2014 Property of UBM Tech; All Rights Reserved
Research Synopsis
Survey Name InformationWeek 2014 Strategic Security Survey

Survey Date 
April 2014
Region North America
Number of Respondents
536 at organizations with 100 or more employees
urpose To comprehensively assess the current state of security programs, where organizations are focusing their
P
security efforts, and how IT is adapting to current threats and trends.
Methodology InformationWeek surveyed business technology decision-makers at North American organizations with
100 or more employees. The survey was conducted online, and respondents were recruited via an email invitation
containing an embedded link to the survey. The email invitation was sent to qualified InformationWeek and Dark
Reading subscribers.
Want more? Visit InformationWeek Reports
© 2014 Property of UBM Tech; All Rights Reserved