74% Of Security Executives Concerned About Impact Of Payment Card Data Loss  

(May 02, 2007) -- Qualys, provider of on-demand compliance and vulnerability management, announced that 74% of European senior security executives see the impact of payment card loss on brand reputation as their biggest concern. In addition, the majority of European professionals, over 90%, are already preparing for deperimeterisation. These and other findings come from a live survey of over 80 security professionals conducted at the Jericho Forum Conference at the InfoSecurity Europe tradeshow.

The polling was carried out by Qualys in association with the Jericho Forum and featured twelve key questions relating to business issues of importance to senior security executives. Qualys had conducted a similar survey at the CSO Interchange event held at the RSA tradeshow in San Francisco in February. The results highlight key differences between the security preconceptions of US executives and those of their European counterparts.

“The fact that the majority see the effect of data loss on brand reputation as their biggest concern not only demonstrates the awareness built by incidents such as the TK Maxx data breach but clearly also reflects on the changing role of CSOs today. No longer are security professionals pure technologists. They are now taking on more responsibility on a corporate level and realise that security needs to be moved higher up the business agenda,” said Philippe Courtot, Chairman and CEO of Qualys, who opened the Jericho Conference (with a call to action for vendors to support Jericho by rising to the challenge of designing to the Jericho Blueprint).

The survey also shows that European professionals are ahead of their US counterparts in relation to deperimeterisation. 90% believe it will happen in the next five years and that companies will not be operating with a hardened perimeter. In contrast, US executives will still demonstrate some reliance on a perimeter for corporate security.

“European organisations have clearly grasped the fact that deperimeterisation will happen in the next five years. It’s clear that Europeans are far better prepared to address future security business needs than their US colleagues and are preparing to embrace a perimeter-less future,” said Paul Simmonds, Global CISO for ICI and Jericho Forum board member.

However, Europeans need to catch up with their US counterparts with regard to PCI compliance. Only 39% of Europeans are currently acting on the need for PCI compliance, whereas in the US 63% are active. In the US there is greater pressure to drive incidents such as TJX into the open, and in Europe there is no directive on disclosure.

Over 50% of executives on both sides of the Atlantic see compliance as the biggest driver in their security strategy.

Other key findings from the survey show:

• 69% of European executives believe that insider threats pose a more serious problem than threats from outside the organization. Considering that 80% of security budget is spent on strengthening the perimeter, this suggests a real need to shift the focus.
• Europe is more reliant on ISO 17799, with over 82% of professionals using it within their company and 15% of these already certified.
• In relation to security metrics, Europe was somewhat behind, with 39% currently defining their metrics and only 29% with mature metrics in place.
• Software-as-a-service is clearly gaining momentum in Europe, with 26% of Europeans surveyed already deploying SaaS and a further 29% actively considering it.



Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.