CSI Computer Crime and Security Survey 2010/2011
Already an Elite Member? - click here to access the report.
Interested in just the Survey Report? Obtain it here.
This survey marks the 15th annual edition of the CSI Computer Crime and Security Survey, making it the longest-running project of its kind in the security industry.
Elite Members - Access here.
There are lots of information security reports out there, but most of them are produced by vendors, or by analyst groups hired by vendors. The CSI survey is independent and is uniquely focused on what happens in average enterprises that haven’t been at the center of a major data leak. Here’s what security program managers are seeing out there.
The survey includes information about targeted attacks, incident response and the impacts of both malicious and non-malicious insiders. It contains details about respondents' security programs, including budgeting, policies implemented, tools used, satisfaction with security tools and budgets, degree of outsourcing, use of metrics and effects of compliance requirements.
As it did beginning last year, the survey makes some comparisons of CSI's findings to those of the Verizon Business RISK Team Data Breach Investigations Report, the Ponemon Institute's Cost of a Data Breach report and the Symantec Global Internet Threat Report.
Some key findings:
- Of the approximately half of respondents who experienced at least one security incident last year, fully 45.6 percent of them reported they’d been the subjects of at least one targeted attack.
- When asked what actions were taken following a security incident, 18.1 percent of respondents stated that they notified individuals whose personal information was breached and 15.9 percent stated that they provided new security services to users or customers.
- When asked what security solutions ranked highest on their wishlists, many respondents named tools that would improve their visibility—better log management, security information and event management, security data visualization, security dashboards and the like.
- Respondents generally said that regulatory compliance efforts have had a positive effect on their organization's security programs.
This year's survey results are based on the responses of 351 information security and information technology professionals in United States corporations, government agencies, financial institutions, educational institutions, medical institutions and other organizations. Their responses cover the security incidents they experienced and security measures they practiced from the period of July 2009 to June 2010.
View the CSI Survey 2010 Webinar, originally aired December 2, 2010.
(This will open in a new browser window...)
Want to view a previous report? Access it here.