96% of IT companies hit by serious security incident in 2013

Just a third of IT companies are confident that security solutions will get to a level high enough to provide effective protection for their organisation in the future.

Related: Cybersecurity scourge causes 70% of critical infrastructure firms to lose confidential data

ForeScout’s 2014 Cyber Defence Maturity Report found that almost all of those surveyed [96 per cent] were hit with a serious IT security incident over the past year and just 33 per cent believe immature security controls will be improved to a level described as “mature”.

One sixth of firms reported that they have had five or more significant incidents and as many as 39 per cent have experienced at least two or more incidents over the past year thus illustrating the worldwide need for mature security.

Phishing, compliance policy violations, unsanctioned device and application use, and unauthorised data access were the top security incidents mentioned by the 500 employees across various critical sectors in the UK, US, Germany and other countries that took part in the survey.

The security issues mentioned most frequently by the respondents were malware and advanced threats, application and wireless security, network resource access, unsanctioned application and personal mobile device use, and data leakage.

Security management is undoubtedly a lot more challenging than it was a couple of years ago and upwards of 43 per cent of IT firms admitted that problem prevention, identification, diagnosis and remediation are harder than 24 months previous. In addition, 40 per cent think that security management tasks are more challenging now than two years ago.

Bring your own device [BYOD] policies were mentioned by 78 per cent of respondents as having an impact on governance, risk and compliance [GRC], although European respondents pointed to data wiping and encryption as having a higher influence on GRC.