53% of South African based IT decision makers feel that not enough time or money is available to develop IT security policies. As a result, barely half of the companies feel that they have highly-organised, systematic processes to deal with threats.
These findings emerged from the recent Global Corporate IT Security Risks 2013 survey conducted by B2B International for Kaspersky Lab in 2013 among business representatives around the world.
The situation is especially poor in the global educational industry, where only 28% of organisations are confident that they have sufficient investment in IT security policies.
What is even more critical, only 34% of the government and defense organisations surveyed all around the world claim that they have enough time and resources to develop IT security policies. The remaining two thirds are in constant danger of losing confidential governmental information.
Meanwhile, even a single measure, such as, implementing IT security policies for mobile devices, could significantly reduce the risks posed by smartphones and tablets in a corporate IT environment. The survey showed that just over half have no such policies. Even where mobile security policies have been implemented, resources are still inadequate: about 41% complained that budget increases were insufficient, while 19% complained there was no extra funding made available.
According to the survey, 93% of the companies in South Africa had at least one external IT security incident, and 85% reported internal incidents in the past 12 months. Such incidents can cause real financial and reputational damage. These losses can significantly exceed the cost of putting in place IT security tools which would help to avoid leaks of important data, downtime and other unplanned expenses. This is why it is extremely important to invest in the security of the corporate IT infrastructure.
A serious incident costs large companies locally an average of $959 000 – for small and medium-sized companies the bill typically comes to about $45,000. A successful targeted attack can cost a company up to $2.4 million in direct financial losses and additional costs.
Still, lots of organisations do not realise these risks. According to the survey, 13% still regard security issues as things that “happen to others” –although this complacent attitude has been in decline since last year. Another problem is that 17% of companies mistakenly think that the costs of guarding against cybercrime are greater than the potential losses.