Qualys announced that 74% of European senior security executives see the impact of payment card loss on brand reputation as their biggest concern. In addition, the majority of European professionals - over 90% - are already preparing for deperimeterisation. These and other findings come from a live survey of over 80 security professionals conducted at the Jericho Forum Conference at the InfoSecurity Europe tradeshow.
The polling was carried out by Qualys in association with the Jericho Forum and featured twelve key questions relating to business issues of importance to senior security executives. Qualys had conducted a similar survey at the CSO Interchange event held at the RSA tradeshow in San Francisco in February. The results highlight key differences between the security preconceptions of US executives and those of their European counterparts.
"The fact that the majority see the effect of data loss on brand reputation as their biggest concern not only demonstrates the awareness built by incidents such as the TK Maxx data breach but clearly also reflects on the changing role of CSOs today. No longer are security professionals pure technologists.
They are now taking on more responsibility on a corporate level and realise that security needs to be moved higher up the business agenda," said Philippe Courtot, Chairman and CEO of Qualys, who opened the Jericho Conference (with a call to action for vendors to support Jericho by rising to the challenge of designing to the Jericho Blueprint).
The survey also shows that European professionals are ahead of their US counterparts in relation to deperimeterisation. 90% believe it will happen in the next five years and that companies will not be operating with a hardened perimeter. In contrast, US executives will still demonstrate some reliance on a perimeter for corporate security.
"European organisations have clearly grasped the fact that deperimeterisation will happen in the next five years. It's clear that Europeans are far better prepared to address future security business needs than their US colleagues and are preparing to embrace a perimeter-less future," said Paul Simmonds, Global CISO for ICI and Jericho Forum board member.
However, Europeans need to catch up with their US counterparts with regard to PCI compliance. Only 39% of Europeans are currently acting on the need for PCI compliance, whereas in the US 63% are active. In the US there is greater pressure to drive incidents such as TJX into the open, and in Europe there is no directive on disclosure.
Over 50% of executives on both sides of the Atlantic see compliance as the biggest driver in their security strategy.
Other key findings from the survey show:
* 69% of European executives believe that insider threats pose a more serious problem than threats from outside the organization. Considering 80% of security budget is spent on strengthening the perimeter, this suggests a real need to shift the focus.
* Europe is more reliant on ISO 17799, with over 82% of professionals using it within their company and 15% of these already certified.
* In relation to security metrics, Europe was somewhat behind, with 39% currently defining their metrics and only 29% with mature metrics in place.
* Software-as-a-service is clearly gaining momentum in Europe, with 26% of Europeans surveyed already deploying SaaS and a further 29% actively considering it.
"The polling data clearly indicates that both in the US and in EMEA regulatory issues drive the investment in security. It also suggests that European organizations are more aware of the need to rethink how they secure their computing infrastructure in a world that is becoming ever more global and interconnected," said Philippe Courtot, Chairman and CEO of Qualys.