Guess what? Back in September we promised to release both the full Data Security Survey results and the raw data, and today is the day.
This report is chock full of data security goodness. As mentioned in our original post, here are some highlights:
- We received over 1,100 responses with a completion rate of over 70%, representing all major vertical markets and company sizes.
- On average, most data security controls are in at least some stage of deployment in 50% of responding organizations. Deployed controls tend to have been in use for 2 years or more.
- Most responding organizations still rely heavily on ‘traditional’ security controls such as system hardening, email filtering, access management, and network segregation to protect data.
- When deployed, 40-50% of participants rate most data security controls as completely eliminating or significantly reducing security incident occurrence.
- The same controls rated slightly lower for reducing incident severity when incidents occur, and still lower for reducing compliance costs.
- 88% of survey participants must meet at least 1 regulatory or contractual compliance requirement, with many required to comply with multiple regulations.
- Despite this, “to improve security” is the most cited primary driver for deploying data security controls, followed by direct compliance requirements and audit deficiencies.
- 46% of participants reported about the same number of security incidents in the last 12 months compared to the previous 12, with 27% reporting fewer incidents, and only 12% reporting an increase.
- Over the next 12 months, organizations are most likely to deploy USB/portable media encryption and device control or Data Loss Prevention.
- Email filtering is the single most commonly used control, and the one cited as least effective.
Unlike… well, pretty much anyone else, we prefer to release an anonymized version of our raw data to keep ourselves honest. The only things missing from the data are anything that could identify a respondent.
This research was performed completely independently, and special thanks to Imperva for licensing the report.
Visit the permanent landing page for the report and data, or use the direct links:
- Report: The Securosis 2010 Data Security Survey report (PDF)
- Anonymized Survey Data: