The institute asked respondents to rate how satisfied they were with their technologies on a scale of 1 to 5. All technologies fell within the 3.0 to 3.6 range, which isn’t bad, but the tools that scored the lowest in that zone were the ones that are supposed to indicate how secure an organization is at any given moment. “They weren’t wildly happy with anything nor, on the other hand, were they wildly unhappy with anything, but it sort of indicates to me that there’s an acceptance of the tools we have,” said Robert Richardson, CSI’s director. The tools mentioned in the survey overview included log management tools, data leak prevention, content monitoring and intrusion detection tools.
A whopping 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.
Twenty-five percent of respondents said more than 60 percent of financial losses came from accidental breaches by insiders, not external hacks, and 16.1 percent said 81 to 100 percent of all losses came from accidental breaches as well.
Government agencies constituted more than 13 percent of survey participants, comprising people from federal, local, military and law enforcement jurisdictions.
Richardson thought the results were telling, but he wondered about the experiences of those who didn’t respond.
http://www.govtech.com/gt/736410?topic=117671