The survey highlights that regulatory compliance to protect corporate data continues to be one of the greatest challenges faced by businesses and organizations across all industries. While an external data breach for financial gain is considered to be the biggest information security nightmare (34 percent), respondents indicated that failing an audit closely follows at 31 percent.
The two biggest challenges to demonstrating compliance are measuring and reporting on compliance (31 percent) and automating IT controls (24 percent).
While compliance mandates continue to keep IT professionals awake at night, the disconnect between security teams and business leaders is steadily becoming a problem. Over one-third (36 percent) of information security professionals admit to meeting infrequently or never at all with business unit leaders to understand business objectives and information security needs.
Two-thirds of information security professionals revealed that their IT security department is understaffed and could use more people. The information security needs of business have far outgrown the supply of qualified professionals to deal with them. It's a gap most businesses hadn't expected would be so wide.
Additional key survey takeaways:
- Misuse by employees is considered the greatest risk facing enterprises today
- Over 50 percent of respondents reveal that less than 25 percent of mobile devices are monitored in real time
- 25 percent of respondents said they don't know how long it would take their organization to find a root cause of a breach
- 42 percent of respondents react to an incident after the problem has been identified
- 20 percent of respondents plan to implement SANS Critical Security Controls in the next 12-24 months.