How much money has your IT infrastructure lost you?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.abc.net.au/technology/articles/2014/01/20/3928545.htm

Today's business environment is both ripe with opportunity and fraught with
risk. This dichotomy is revealing itself in the world of IT and throughout
boardrooms across the globe like never before.

In the last 12 months, security breaches have cost Australian organisations
an average of US$963,947, according to a recent survey. That's around one
million dollars down the drain instead of in the bank. They also lost an
average of US$701,304 as a result of data loss and US$215,775 because of
down time. It can be a bit nerve wracking to hear these numbers, but it
shouldn't be.

As more mission critical applications are deployed in virtualised
environments, new approaches are needed to eliminate expansive and
debilitating downtime. Today's sophisticated cyber-attacks call for a move
beyond perimeter protection to intelligence driven security analytics.
Advanced monitoring and response capabilities are required to defend
against intrusive threats to the business. Backup and recovery systems need
to be more effective than ever before to prevent data loss, improve
protection and speed up recovery time.

So, how mature is your organisation's IT?

To get a pulse on how these dynamics are playing out globally, we
commissioned a global independent research company to survey IT managers
and business decision makers on their organisations' IT maturity levels. It
assessed their ability to withstand and quickly recover from disruptive
incidents such as unplanned downtime, security breaches and data loss.

Respondent organisations were scored on a maturity scale, a model based on
moving from primitive IT infrastructure towards progressive strategies and
advanced technologies. Those at a more advanced level achieved higher
scores in each of the three pillar sections (continuous availability,
advanced security and integrated backup and recovery), which all
contributed equally to the final maturity score received. The overall
result of this model is a bell curve, which was then divided into four even
segments from a low to high score: Laggards (1-25), Evaluators (26-50),
Adopters (51-75) and Leaders (76-100).

Australia vs. the world

Sixteen countries from across the globe were included in the survey, and of
those Australia achieved the fifth highest maturity rating (behind China,
USA, South Africa and Brazil). Based on the rating respondents gave their
own organisation, Australia received a score of 52.8, which allowed it to
scrape into the Adopter category.

This seems to be where Australia belongs, organisations do embrace new
technology when they have the resources to support it, but shows that
perhaps all of us aren't as advanced as broader perception suggests.

How confident are we in our IT?

Interestingly, 41 per cent of Australian respondents report their senior
executives are not confident that their organisations have adequate
availability, security, and backup and recovery capabilities. Where
organisations believe they are on the maturity curve has a large bearing on
whether they claim their senior team is confident in their IT. Within
Australia, the percentages within each category that report their senior
teams are confident are: Laggard (33%), Evaluator (45%), Adopter (76%) and
Leader (86%). Confidence levels clearly increase among organisations that
view themselves as more mature.

Naturally, the higher organisations land on the maturity curve, the more
likely they are to have already implemented strategic and leading-edge
technology projects such as Big Data Analytics. Overall, results showed
that organisations with higher maturity levels avoid - and recover quickly
from - disruptive incidents.

Perception of business and IT leaders

The study also identified a significant disparity between how IT and
business leaders perceive improvements in their IT infrastructure. While 61
per cent of IT decision makers consider the IT department to be the
motivation and drive for future resilient and secure IT infrastructure, the
number drops to 42 per cent for business decisions makers when asked the
same question.

This could be explained by IT departments not realising the full business
impact of downtime, security breaches and data loss. On average, IT
managers estimated fewer hours of downtime than their business
decision-makers counterparts.

Looking at the numbers

In terms of security incidents, Australian organisations reported fewer
breaches than other parts of the world but higher losses. 54 per cent of
Australian respondents experienced at least one of the following in the
past 12 months: unplanned downtime (32%), security breach (21%) and data
loss (24%). These incidents resulted in loss of employee productivity
(47%), loss of revenue (37%), loss of business to a competitor (32%), and
loss of customer confidence/loyalty (30%).

On the upside, Australia is ahead of the world and well below the global
average when it comes to hours of downtime experienced and money lost as a
result. However, Australian organisations experience eight incidences of
data loss a year, compared to the global average of just five. Also,
companies that have implemented data loss protection strategies said they
could recover data in minutes.

Overcoming barriers

It was encouraging to see that 54 per cent of Australian organisations saw
an increase in IT spend last year, showing that businesses see the value in
new technologies, but there is still great opportunity for organisations to
review and improve their processes.

Budget constraints (56%) reigned as the number one obstacle to implementing
continuous availability, advanced security, and integrated backup and
recovery solutions. Resources and/or workload constraints (29%), poor
planning (30%), and knowledge and skills (38%) rounded out the top four.

Organisations can avoid becoming a part of the statistics by taking another
look at their security policies and thinking about how to recover data and
not just back it up.

Stalled or reduced investment threatens the ability of IT infrastructures
to withstand and quickly recover from disruptive incidents. This fact
underscores the need to adopt progressive strategies to achieve Trusted IT
infrastructures. Being able to access business data at any time in any
place, with peace of mind that the data is secure, is both expected and
taken for granted by many today.

Methodology

Survey data is the result of 3,200 interviews of 1,600 IT and 1,600
business decision makers from the United States, the United Kingdom,
Canada, Brazil, France, Germany, Italy, Spain, Russia, India, South Africa,
Australia, Japan, China and the Nordic and Benelux regions. Respondents
were employed at companies within ten industry sectors (including the
public sector), with 50% working for organisations with 100-1000 employees
and the other 50% at organisations with more than 1,000 employees.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.