In regards to regulatory compliance, the vast majority, 75 percent of respondents, are not confident that they will pass a regulatory audit, with more than half of organizations stating that they have already failed an audit. Nine percent of companies indicated that these audit failures resulted in industry or government fines. Databases also ranked as the biggest infrastructure challenge in terms of complying with regulatory mandates.
Additional Key Findings:
o 41% of companies indicating they will be investing in Database Activity Monitoring o 45% of companies are patching systems every week o 49% of companies stated that they try to ‘over protect’ by patching everything o 84% of the respondents feel that their business and security operations are impacted due to out-of-cycle patches o 37% are not confident in knowing which assets need to be patched when a new threat materializes o 24% of organizations are spending more than $250,000 annually on auditors o Compliance is perceived as the main budget driver for 25 percent of IT projects o More than 40 percent of organizations get into “fire-fight mode” when a regulatory audit approaches, diverting critical resources away from strategic priorities o 39% are not confident of being able to translate IT risks into business risks o 56% of organizations indicated adding “Countermeasure-Awareness” to their risk analysis would provide the biggest benefit o 60% of the respondents believe that up to 10% of downtime is attributable to unauthorized changes that take place over the entire year
“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management,” said Stuart McClure, senior vice president and general manager of risk and compliance for McAfee. “As the results of this study show, companies recognize the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls.”
About the Report:
The independent research for the Risk and Compliance Outlook was conducted by Evalueserve on behalf of McAfee. The survey includes responses from 353 IT decision makers, consultants and security analysts from companies with more than 500 employees who are involved in evaluation, selection, day-to-day management and maintenance of security products. Surveys were conducted in Australia, Canada, France, Germany, New Zealand, Singapore, United Kingdom and United States.
To download the report, please visit www.mcafee.com/rcoutlook.
About McAfee, Inc.
McAfee, headquartered in Santa Clara, California, is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, and browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee secures your digital world. http://www.mcafee.com