Respondents expect threats against sensitive information to continue to rise, with 73% predicting that database attacks will continue to increase. Improving database security is crucial because nearly half (43%) of all enterprise databases contain critical data that can include customer credit card numbers and other personal information.
"The research indicates that enterprise data security, risk and compliance is an enormous challenge, and the high percentage of reported data breaches and failed compliance audits reveal a vital need for improved control processes," said John Ottman, chief executive officer of Application Security, Inc. "DbProtect(tm) is a best practice solution that provides a single view of database security and compliance across the enterprise. With 76% of respondents placing purchasing priority on database security for 2009, organizations appear to be taking action. However, despite the severity of the problem nearly 55% of organizations report challenges and note a lack of progress to protect confidential information."
Additional "Database Security Controls" survey key findings Maintaining a false sense of security: Eighty-four percent of respondents felt that their organization's data security controls for sensitive information was adequate, but follow-up security questions made it clear that there is a disconnect between the initial responses and realities of preventing hacks and supporting compliance mandates.
Failing grades for compliance audits: In addition to the high number of reported data breaches during the past year, organizations failed audits in key categories more than one-third of the time:
Internal audits: 48% Payment Card Industry (PCI) Security Standard: 42% Health Insurance Portability and Accountability Act (HIPPA): 36% Gramm-Leach-Bliley Financial Services Modernization Act (GLBA): 36% Federal Information Security Management Act (FISMA): 38%
The report, commissioned by Application Security, Inc. and executed by Enterprise Strategy Group, is based on 179 in-person and phone surveys with global IT decision makers located in North America.