- Major Studies
- Advisory Reports
- Valuation Data
For IT decision-makers, this study provides objective data and key metrics for the following uses:
For vendors of IT security products and services, this study is a valuable source of information for understanding market opportunities. The study provides hard data that can be used to formulate or validate assumptions underlying business development plans.
Read a short summary of just one of the key findings from this study: IT Security--Large Firms Lag Behind.
THE EXECUTIVE SUMMARY
Chapter 1, the Executive Summary, summarizes the key findings of the full report and provides supporting statistics. The Executive Summary also includes key findings from the related Malware Report, details of the survey demographics by industry sector and job position, and a comparison with the CSI/FBI security survey. The Executive Summary is 21 pages, with six charts and tables.
THE FULL STUDY
The remaining chapters (2-5) present the detailed results of the IT Security Survey along with our analysis based on interviews with IT security experts. Chapter 2 provides the composite results for all organizations that participated in the survey. Chapter 3 present statistics for small organizations (revenues between U.S. $100 million and $250 million). Chapter 4 presents statistics for medium organizations ($250 million to $750 million). Chapter 5 presents statistics for large organizations (over $750 million).
Statistics include the following:
Chapter 2 also provides summary statistics for the IT security incidents, such as cybercrime and other threats experienced by respondents in the composite sample, including: number of infosec incidents by source, percentage of incidents by point of entry, and the impact of IT security incidents on corporate websites.
Among the nearly 200 pages of detailed statistics, this year's study found several significant trends:
DETAILED TABLE OF CONTENTS
Chapter 1: Executive Summary
IT Security Study Highlights
Malware Study Highlights
About This Study
Contents by Chapter
Industry Sector Representation
Job Function Representation
Comparison With the CSI/FBI Survey
Chapter 2: Statistics for the Composite Sample (All Organizations)
IT Security Budget and Staffing Ratios with Trends: These statistics are presented at the median, 25th percentile, and 75th percentile, where appropriate.
IT Security Budget as a Percentage of Total IT Budget
IT Security Budget Changes
IT Security Budget Allocation in Dollars (U.S.)
IT Security Budget Allocation per Desktop
IT Security Budget Allocation by Major Category
Adequacy of IT Security Budgets
Ratio of IT Security Personnel to Total IT Staff
Number of IT Security Personnel per Thousand Desktops
IT Security Management Reporting Structure
IT Security Technology Adoption Trends
Adoption of Spam Filtering
Adoption of Virtual Private Networks
Adoption of Wired Equivalent Privacy (WEP)
Adoption of Wi-Fi Protected Access (WPA)
Adoption of Server Access Controls
Adoption of Intrusion Alerts
Adoption of Intrusion Prevention Systems
Adoption of Encryption
Adoption of Public Key Infrastructure (PKI) Systems
Adoption of Password Management
Adoption of Smart Cards
Adoption of Password Tokens
Adoption of Biometrics
IT Security Management Practices
IT Security Policies and Procedures
Physical Security Access Controls
Document Shredding Policy
Application and Data Access Controls
Password Syntax Controls
Forced Password Rotation
Password Cancellation for Terminated Employees
Desktop Administration Rights
Periodic IT Security Training for All Employees
PC Software Audits
IT Security Audits
IT Security Certification for Security Staff
IT Security Incident Statistics
Number of IT Security Incidents by Source
Percentage of IT Security Incidents by Point of Entry
Impact of IT Security Incidents on Websites
Statistics by Organizational Size
These chapters provide the same statistics as show in Chapter 2, with the exception of the IT Security Incident statistics, which are only provided for the composite sample.
Chapter 3: Small Organizations ($100 million to $250 million U.S. in annual revenue)
Chapter 4: Medium Organizations ($250 million to $750 million)
Chapter 5: Large Organizations (over $750 million)
Purchasing Options: Pricing by Chapter
The Full Study: $995 (all chapters)
Update! For an assessment of current IT security threat levels in 12 categories, please see our new study, Trends in IT Security Threats: 2007 (priced separately).
Still have questions about this study?