Security by the numbers

The issue of security continues to be a major industry topic and understandably, especially as this is is one area of BCM that tends to have the highest profile . Many of the issues are closely linked to the increasing complexity and interoperability requirements of applications across a wide variety of Platforms. These problems are also compounded by the generally poor practices of many IT departments and internal users who continue to be a very weak link in the security chain.

 Below we have assembled research to provide an at glance reminder that there is still a long way to go to 'secure' an organisations IT.

15% - The average increase in IT security spending in 2007, according to a survey of 1,300 CIOs by IT market research firm Gartner. At the same time, the respondents reported that their overall IT budgets would rise only 2.5 percent. Source: Secure Enterprise Magazine

56% - The share of security solution providers who say that it will take over six months for organizations that have deployed identity management products to see a return on the investment, according to a recent survey by IT business publication CRN. Additionally, 52 percent of those polled reported that only six percent or less of their business customers have adopted ID management solutions as part of their overall security strategy. Source:

10%- The maximum share of overall IT spending that's related to security patch management at an overwhelming majority -- 97 percent -- of companies polled by research firm InsightExpress. The survey, conducted on behalf of SupportSoft Inc., which develops update management software, found that patching takes a week or more to complete at about 25 percent of companies. Source:

54 - The average number of software vulnerabilities that security vendor Symantec detected per week in the second half of 2006. The company reported in its semi-annual Internet Security Threat Report that it documented 1,403 new vulnerabilities between July 1 and Dec. 31, 2006, and said that 48 percent of those were found in Web applications. Source: IDG News Service

35 - The number of IRS employees, out of 100 called by inspectors pretending to be internal help desk staffers, who gave up their network log-in names and changed their passwords to one suggested by the caller when told that it was necessary due to a network problem. On a positive note, the results of the anti-hacking test were better than in 2001, when 71 percent of the workers called agreed to change their passwords. Source: TechWeb

50% - The rate at which IM and P2P exploits are increasing monthly, according to the IMlogic Threat Center, an organization formed by IMlogic, McAfee, Symantec and Sybari Software to monitor instant messaging hacks. Source:

224 - The average number of directory harvest attacks per day in February on enterprise email systems by spammers seeking valid addresses, according to email security services vendor Postini. Each attack brought an average of 166 invalid message delivery attempts, resulting in a total of 37,184 invalid delivery attempts per day. Source:

180% - The share of mobile phone users worldwide that have received spam, according to a survey of 1,659 mobile users and 154 wireless operators by the University of St. Gallen in Switzerland and emergency communications services vendor Intrado. Source:

47.9%% - The share of email users who believe their employers have been effective at stopping spam, according to a January survey of 241 Internet users. Source: Osterman Research

25% - The expected spyware infection level on corporate PCs within the next 12 months, according to a new report from Forrester Research. Source: Networking Pipeline

750 - The number of confirmed cases of identity theft directly linked to the network security breach at credit card data company ChoicePoint, which has acknowledged that hackers culled private data on at least 145,000 people. Source: CNET

69% - The share of 163 companies surveyed by the Ponemon Institute that reported their data security breaches came at the hands of company insiders -- the result of either malicious employee activities or innocent employee mistakes. Source:

17,000,000 - The number of American adults that have been spimmed -- sent unsolicited commercial instant messages, or the equivalent of spam in the IM realm, according to a survey conducted January 13 to February 9 by the Pew Internet & American Life Project. Source:

7560 - The number of unique phishing Web sites reported in January, a 47 percent increase over the number of sites reported in December. Source: Anti-Phishing Working Group

36% - The share of consumers surveyed by Forrester Research who said they had curbed online purchases because of the rise in security breaches at credit card companies, banks and other businesses. Source: CNET



If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna or Russell at the Continuity Forum directly on 020 8993 1599 or