Out-Law News 2 min. read

Pressure to deliver new IT projects despite security concerns felt by 80% of IT professionals

Chief information officers (CIOs) and IT directors are being put under pressure to introduce new IT projects before security issues have been completely ironed out, according to a new survey.

A survey commissioned by information security provider Trustwave found that most IT professionals felt more pressure in 2013 to "secure their organisations" than they did in 2012, with 58% expecting even greater pressure to be exerted on them this year.

Chief information officers (CIOs), chief information security officers (CISOs) and IT directors from the US, UK, Germany and Canada were among those quizzed in the survey.

According to Trustwave's '2014 Security Pressures' report, 79% of the IT professionals surveyed said they were "pressured to unveil IT projects", despite fears that security issues were unresolved. More than one in 10 (16%) said that this pressure was exerted "frequently", whilst 63% said the pressure was exerted on one or two IT projects last year.

"With 4 out of 5 IT pros pressured to roll out IT projects despite concerns they weren’t 'security-ready,' regular security risk assessments and penetration testing are critical," Trustwave said in its report. "Risk assessments can help businesses identify where they store sensitive data and if that data is vulnerable to an attack. Frequent penetration testing, where ethical hackers attempt to “break in” to business systems, can help businesses identify and eliminate vulnerabilities that become the intrusion points of almost any breach."

The respondents said that, of all the new technologies they are being pressured to use or adopt, they feel the most pressure to utilise cloud computing, ahead of mobile applications, big data, the 'bring your own device' practice and social media. They said that the cloud and mobile apps pose the joint greatest security risk to their organisations.

The survey also revealed that IT professionals are concerned more about data loss than reputational damage, fines and legal action that can result from data breaches and cyber attacks.

"58% of respondents said that, following a cyberattack or data breach, customer data theft worries them the most, followed by intellectual property theft at 22%," the Trustwave report said. "12% are worried most about reputation damage, 3% by fines or legal action and 5% of respondents do not believe their organisation will fall victim to cyberattacks [or] data breaches. In a separate question, 73% of respondents said they believe their organisation is safe from IT security threats, including cyberattacks and data breaches."

Most organisations (74%) manage IT security in-house, according to the survey, but 82% of IT professionals said they have either already partner with, or plan to partner with in future, a "managed security service provider".

"When partnering with third-party IT providers (or any vendors that have access to IT systems), businesses should require these companies have detailed and locked-down security policies, perform ongoing and regular penetration testing, demonstrate appropriate remote access controls, ensure software and hardware is consistently patched and isolate data from other customers," Trustwave said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.