Two-thirds of major global corporations have experienced a security breach, and 20 percent of those report having a breach within the past year.

At least that’s the indication from a survey of more than 1,000 IT personnel from large companies, conducted by data protection firm Vormetric and analyst firm 451 Research.

The companies wanted to find out how worried IT managers at large corporations were about security breaches and what their experiences have been with system break-ins.

They learned that those surveyed are plenty worried, and with good cause. For instance, 96 percent said they felt vulnerable to a data breach, and 63 percent said they’d been through such a trauma.

However, preventing a breach was not IT’s top priority. When asked about that, 61 percent listed “meeting compliance requirements” as their top priority; preventing a security breach was listed as number one by 40 percent.

Breaches have gotten the attention of the budget setters. Six in 10 respondents said they were spending more this year to prevent a breach. But, said Garrett Bekker, senior analyst, information security at 451 Research and the author of the report, their spending is often misguided, based upon protective action that worked in the past but doesn’t work so well in the current data environment.

“IT security professionals are spending heavily on what has worked for them in the past,” said Bekker. “They are continuing to invest in defenses like network and endpoint security offerings that offer little help in protecting data once perimeters have been breached.”

The survey found health care organizations in particular aren’t taking the steps they need to protect their data. In part, that’s because these organizations have been behind the curve on safeguarding their systems from the start. But they are also extremely focused on compliance, to an extent that diverts their attention from security, Bekker said.

“Compliance is only a step towards health care IT security,” he said. “As we learned from data theft incidents at health care organizations that were reportedly HIPAA compliant, being compliant doesn't necessarily mean you won't be breached and have your sensitive data stolen.”

Health care respondents revealed high levels of concern about storing their data in the cloud, the report said. But they are nonetheless following the trend and moving their data there, which in effect means that their data is even more at risk than in pre-cloud storage days, because of the industry’s lack of data management sophistication.

Dan Cook

Dan Cook is a journalist and communications consultant based in Portland, OR. During his journalism career he has been a reporter and editor for a variety of media companies, including American Lawyer Media, BusinessWeek, Newhouse Newspapers, Knight-Ridder, Time Inc., and Reuters. He specializes in health care and insurance related coverage for BenefitsPRO.