By Anna Marie Kukec
About 33 percent of companies said they experienced fewer security
breaches in their networks in the past year , compared to 42 percent a
Although the numbers went down, the attacks, whether by viruses, worms
or malicious spyware, were more damaging, said a report by Oakbrook
Terrace-based Computing Technology Industry Association.
"The most troubling is the security breaks that have been occurring are
of a more severe nature," said association spokesman Steven Ostrowski.
This is the fifth year that Comptia has surveyed its membership
nationwide about security breaches. This latest one had 1,070
Among organizations that reported a security breach in the last year,
the average severity level was 4.8 on a 10-point scale with 10 as the
most severe. Severity in the last two years was rated at 2.3 and 2.6,
"It's a mixed blessing," Ostrowski said. "It's good that the number of
actions are down, but the ones that have been happening have been
causing more damage."
The survey found that the average cost of a security breach across all
companies was $369,388. That included a handful of companies who said
their costs were more than $10 million, reflecting the higher risk that
larger companies face, the survey said.
About one-half of all respondents estimated that the cost of security
breaches in the last 12 months was $10,000 or less.
The survey also said that not all security breaches originate
Among organizations that experienced a security breach, nearly 1 in 4
(or 23 percent) indicated that they had an insider security breach or
For more information, visit www.comptia.org/sections/research/
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com