Survey: Most organizations struggling to secure data

Hampered by issues such as lack of CEO support and budgetary resources, organizations are struggling to secure sensitive data and the majority have experienced a breach, according to a survey released Wednesday by the Ponemon Institute and sponsored by data security company Imperva.

The survey of 517 U.S. and multinational IT security practitioners who are involved in their company's efforts to comply with the Payment Card Industry (PCI) Data Security Standard (DSS) found that 71 percent of respondents believe their organization does not view data security as a strategic initiative across the enterprise.

Larry Ponemon, chairman and founder of the Ponemon Institute, said in a recent podcast about the survey that he finds that statistic “very disturbing,” because failing to treat data protection as a strategic business initiative could ultimately lead to loss of customer confidence and trust.

In addition, 60 percent of survey respondents said their organization does not have enough resources to become PCI compliant. And 79 percent of respondents said their organization has experienced a data breach.

Brian Contos, chief security strategist at Imperva, told SCMagazineUS.com on Tuesday that lack of budget is tied to lack of executive support for data security efforts.

“The companies that look at compliance strategically and get executive involvement tend to have more robust security programs,” Contos said.

But 55 percent said that they do not believe their CEO strongly supports PCI efforts. Also, just 27 percent of survey respondents said they feel PCI compliance contributes to an improved security posture in their organization – a finding Ponemon viewed somewhat positively. 

“I looked at the number [27 percent] and said ‘…that seems pretty low,’” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a recent podcast about the survey. “But then you think about it, a lot of organizations see PCI as a compliance thing only. So if you look at all of the organizations that potentially have to comply or should be complying with PCI, to say that 30 percent agree that their security posture improves, suggests that PCI is pretty successful.”

Seventy-five percent of respondents said their organization has achieved some level of PCI DSS compliance, the survey found. Just 22 percent said that they have achieved full compliance for all enterprise applications and databases, 28 percent were compliant for “most” and 25 percent were compliant for “some.”

For many organizations, though, data security efforts do not extend beyond the protection of credit card information. Fifty-five percent of respondents said their organization doesn't secure Social Security numbers or other potentially sensitive information.
