Your SlideShare is downloading. ×
Vanson Bourne Research Insight: IT Security
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Vanson Bourne Research Insight: IT Security


Published on

Research Insight: Security Challenges for UK Enterprises. Find out more about the fast-changing threats to enterprise IP from responses of 100 senior IT decision-makers in UK commercial enterprises …

Research Insight: Security Challenges for UK Enterprises. Find out more about the fast-changing threats to enterprise IP from responses of 100 senior IT decision-makers in UK commercial enterprises (1000+ employees).

Published in: Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Research Insight: Security challenges for UK enterprises Intelligent Market Research
  • 2. 2 Fast-changing threats to enterprise IP Threats - inside and out The online survey questioned 100 UK enterprise IT decision-makers drawn from an independent panel of executives. Respondents represented larger (3000+ personnel) and smaller (1000-3000) enterprises across the financial services, manufacturing, retail & transport and other commercial services sectors. The study found that the security threats that concern most respondents are: employee attitude to security protocol (77%); malware (76%); use of personal cloud storage (70%); malicious non-commercial external attacks (70%); and commercially-driven attacks (60%). But the true extent of executives’ concern is revealed by the next five threats identified: personally This study examines the way that UK companies’ IT decision-makers are broadening their risk management thinking and seeking to actively manage their policies. chain threats (31%) - the mobilisation of data and its access via cloud and smart devices are shifting the focus of corporate risk management towards employees’ workplace tools and behaviours. Find out more: Watch our recent IT Security Webcast Risk management thinking protocols and partners 84 UK businesses are attempting to impose security Assess Evaluate It shows that, as well as coping with disruptive tablet, mobile device and cloud technologies, organisations’ senior management is constantly re-addressing the human factor in IT security: the potential for unauthorised or accidental loss of intellectual property (IP) assets by disaffected, misguided or poorly-trained employees. owned devices (59%); cloud software (58%); mobile devices (57%); internal threats (54%) and supply Measure UK plc’s companies are well aware of the havoc created by criminal gangs’ targeted attacks or damage from lone hackers dedicated to crashing corporate IT systems. However, other risks are emerging as supply chains and business processes being opened up to allow more flexible collaboration with partners and suppliers - while end users increasingly access applications and core data from mobile devices. As companies re-engineer their business models for the mobile internet age, so perennial threats are now being rivalled by new risks associated with organisations mobilising their core data assets. processes on their employees. The vast majority 84% - of UK organisations has a formal process for reviewing security protocols, and of those M anage with such processes, 57%, conduct the review on a quarterly or monthly basis. More than two thirds (69%) of organisations review their security providers; this figure rises to 80% Find out more: Read our blog 'Information security: the human factor matters more than ever' among organisations with more than 3000 employees. Not surprisingly when different sectors are compared, financial services respondents (80%) have the highest security vendor evaluation levels but surprisingly, only just over half of retail and transport interviewees (52%) take this step.
  • 3. 3 A proactive approach to threats UK companies struggle with regular or even proactive risk management. Although around one fifth (22%) checks both protocols and vendors quarterly, 17% does so only twice a year and around one in ten (9%) manages only an annual review of both. Many respondents leave security to the vendor: over one third (36%) says they don’t carry out this dual review process at all. Bigger enterprises are more likely to have formal policies for both protocols and providers; although 26% of them do not, this figure rises to 46% among the smaller category (1000-3000 employees) businesses studied. The survey generally found that those organisations spending the biggest percentages of the IT budget on security and those spending more than three years ago tend to make greater use of security protocols and providers. As a result, senior management teams that recognise the importance of perceived threats also place greater emphasis on proactive and preventative measures. More money for security 65 Regarding security budgets, almost two thirds (65%) of interviewees are spending more on data security than they did three years ago, with only 22% spending the Best practice a state of mind? The study shows a clear link between companies’ awareness of different threats to their IP and their level of expenditure on the different components and management of information security systems. The telling factor is how much of the enterprise's IT budget is dedicated to security - nearly three in four of those enterprises that ring-fence more than 10% of their IT budget for security have formal policies to review both security protocols and security providers. In those enterprises where the security spend is less than 5%, only just over half has these dual checks in place. Creating a risk-aware culture remains difficult in some firms. None of the firms that spend 5% or less of the IT budget on security says their employees regard security as the top priority when using the company’s IT but in those firms spending more than 10% of budget on security, this figure was much higher at 41%. Find out more: Watch our video interview 'Does Security Spend Matter?' Find out more: Watch our video interview 'The Employee Security Confidence Gap' same amount. Enterprises found to have the lower proportion of corporate IT budgets ring-fenced for security are far more blasé about the significance of the security threats that the survey listed. This might suggest a level of paranoia among higher spenders or alternatively, that small spenders under-estimate the risks they run. Bigger firms are upping their investment by slightly more than smaller ones; their average increase in security expenditure is 31%, compared with 23% in smaller companies. If anything, the study suggests that companies increasing their IT security spending have heightened sensitivity to security threats, rather than complete confidence that they’re fully protected. 7 Only 7% of interviewees say they have cut their security spend compared with three years ago. Bigger and smaller organisations appear to be And while larger enterprises see IT buying more security as time goes on, not less. security as a higher priority, they are more likely to find it more complex, Find out more: Watch our video interview 'Does Security Spend Matter?' Look at the headline figures in our 'Strategic Insight Infographic' 90% and are concerned about a wider range of issues than smaller enterprises. Tellingly, over 90% of those enterprises spending more than three years ago admitted that they can never feel 100% protected.
  • 4. 4 No room for complacency This study reveals the effort and resources that companies need to put aside to keep on top of IT security, all of which may stretch even a large company in today’s 24/7 trading environment. However, it’s clear 24/7 that a significant proportion of firms, particularly those with lower IT security spend, is failing to build a risk management culture including enforcement of security protocols. Despite their IT security investments, 42% only 42% of companies express full confidence in their protection against any of the ten main threats identified. However, having processes for regular security protocols checks does appear to boost confidence. Interested in using market research to help your organisation? To take the first step, download our latest White Paper 'Things to take into consideration when choosing a Market Research company' for lots of tips and advice. white paper Things to take into consideration when choosing a Market Research company Market Research; What is it? What’s it for? What do you do with it and how do you do it? Which agency should I use? 1-2 3 4-6 7-10 MR: What is it? Smaller enterprises (1000-3000) are generally more confident than their larger peers of the protection they have in place. Are they running simpler IT environments or are they more Download Now The clue is in the name. This is an examination or questioning of a defined market, which is usually carried out by asking carefully-constructed and replicable questions of a representative sub-set of that market (rather than everyone because that would be a census which would be very expensive, take too long and is unnecessary) which gives us a perspective on the current, past or future behaviour of the whole market. It tests the whole market by researching the responses, attitudes, understanding, of this ‘sample’ group. That’s market research. 01 | Vanson Bourne - Things to take into consideration when choosing a Market Research company complacent? The study shows a clear connection between firms where there is a higher level of threat awareness, commitment to using security protocols and continued investment in IT security measures. Moreover, in the face of disruptive technologies and mutating internal and external threats, the most risk-aware UK organisations in this study are in no way satisfied with their level of protection. They never regard their vital information assets as completely safe. Find out more: Access the full in-depth market research results on IT Security on our website here. Intelligent Market Research