The Securosis 2010 Data Security SurveyBy Rich
This report contains the results, raw data, and analysis of our 2010 Data Security Survey.
Key findings include:
- We received over 1,100 responses with a completion rate of over 70%, representing all major vertical markets and company sizes.
- On average, most data security controls are in at least some stage of deployment in 50% of responding organizations. Deployed controls tend to have been in use for 2 years or more.
- Most responding organizations still rely heavily on ‘traditional’ security controls such as system hardening, email filtering, access management, and network segregation to protect data.
- When deployed, 40-50% of participants rate most data security controls as completely eliminating or significantly reducing security incident occurrence.
- The same controls rated slightly lower for reducing incident severity when incidents occur, and still lower for reducing compliance costs.
- 88% of survey participants must meet at least 1 regulatory or contractual compliance requirement, with many required to comply with multiple regulations.
- Despite this, “to improve security” is the most cited primary driver for deploying data security controls, followed by direct compliance requirements and audit deficiencies.
- 46% of participants reported about the same number of security incidents in the last 12 months compared to the previous 12, with 27% reporting fewer incidents, and only 12% reporting an increase.
- Over the next 12 months, organizations are most likely to deploy USB/portable media encryption and device control or Data Loss Prevention.
Email filtering is the single most commonly used control, and the one cited as least effective.
Anonymized Survey Data: