18% of IT pros say their businesses may not survive the consequences of a major security breach

London, UK – 6th October 2011 – Nearly one-fifth of IT professionals fear their businesses may never re-open for business or would fail shortly after a major security breach, as a direct consequence of that breach, a new survey shows.  The IP EXPO security index survey was conducted among IT professionals from businesses of all sizes and sectors on behalf of Imago Techmedia, organiser of the forthcoming end-to-end infrastructure show IP EXPO, to illustrate the all-pervasive nature of IT security and how important it is to IT professionals in all roles.




IP EXPO logo

“Respondents to our survey overwhelmingly agreed that IT security should not be viewed as an isolated activity, but would best be treated as an integrated part of businesses’ entire technology reviews and processes,” said Mike England, Social Business & Content Director at IP EXPO event organiser Imago Techmedia. “SECURITY 11 at IP EXPO is a not-to-be-missed event for vendors and end users alike, because it involves you in the security debate in its wider context, rather than addressing the issue exclusively from the perspective of an information security professional.”

Other findings include:
•
70% said they believed security would be best considered collaboratively and routinely across all aspects of ICT.

•
47% said they believed their own organisations needed more security-related collaboration between different ICT disciplines.

•
44% of respondents stated that at least a quarter of their jobs involved IT security.  For 23%, security took up more than half their time.

•
23% of respondents said that their approaches to compliance compromised their security.

•
26% said mobile devices such as smartphones and laptops posed the highest risk of data loss to their businesses. 

•
18% said memory sticks being used for data theft posed the highest risk to their businesses.

•
68% said they viewed IT security as “a necessary evil”.


“Given the attention and money poured into security for many years now, the headline figure comes as quite a shock,” said Mike England.  “It is when we get into the detail, the myriad ways in which security is – or isn’t – addressed, that we see how such a figure can be reached.  In many cases, responsibility for security is distributed throughout ICT departments, or even throughout businesses, and that’s why a whopping 70% of our respondents have stated a desire for organisations to address security from a holistic and collaborative perspective. This is a point our speakers and exhibitors will undoubtedly address at IP EXPO and SECURITY 11,” he added.

The Cloud Security Alliance (CSA) UK & Ireland has joined the security roster as a strategic partner of IP EXPO at SECURITY 11. CSA UK & Ireland President Des Ward commented on the results of the survey: “Lack of collaboration and a perceived disconnect between security and business would explain the view of security being deemed ‘a necessary evil’, or even a cost of doing business online and consequently having little real business value. Businesses need to evolve beyond compliance risk management to information risk management in order to implement strategies that reduce the likelihood of breaches occurring, while at the same time affording a level of business agility fitting today’s interconnected society,” he suggested.

Of the main findings, Nigel Stanley, security practice leader at Bloor Research and IT Security Pathfinder at IP EXPO, said: “What’s clear is that even if someone’s job doesn’t directly involve security per se, everyone needs to be actively engaged in dealing with the problem.  And the way that businesses are going about it is encouraging, because security management needs to be a two-way process with the users actively engaged in the process.  Generally, taking compliance steps should enhance an organisation’s security – unless of course it is doing just enough to tick the boxes but failing to see the broader benefits of building a compliant business.  However, reducing security posture to achieve compliance is bonkers.

“The IT security industry has been left wanting in respect of the consumerisation of IT that’s been fuelled by smartphone adoption.  Only now are we starting to see management tools for these devices, so it’s no surprise that these have been identified by respondents as the biggest risk area,” he commented.

Nigel Stanley will also participate in an IP EXPO security panel debate sponsored by software provider ESET at 2:30pm on Thursday October 20th. The session, entitled “Securing the Road Warrior”, will look at the security issues faced by remote workers and the best practices employers should be aware of when connecting remote devices to the corporate network. Stanley will be joined in the debate by Steve Gold, technical editor, Infosecurity Magazine; Sarb Sembhi, director of consulting, Incoming Thought Security Consultancy; and Mark James, head of technical support, ESET UK.

SECURITY 11 is a new dedicated focus area at this year’s IP EXPO, examining IT security in this wider computing context.  SECURITY 11 will feature exhibitors from the worlds of cloud computing, storage, wireless, virtualization and IP networking.  Attendees can explore the impact security has on developing IT infrastructure and discuss the latest tools and procedures being developed to meet the security challenges posed by these disparate but interconnected technology areas.

SECURITY 11 was developed after delegates at last year’s IP EXPO revealed the extent to which security was linked to other decisions they would be making about their IT infrastructures.  And, according to Gartner’s CIO Agenda survey, improving business continuity, risk and security is one of the top ten business strategies for CIOs this year.