Sometimes Security Surveys Are Incredibly Vague

A new survey was published by Secure Computing and IDC. As is often the case, the duo polled a tiny percentage of existing companies and summarily published survey results that might make your eyes bug out. I'm not saying the results aren't useful. I'm just pointing out that there leading statements aren't well defined.

According to a press release, the survey polled "100 IT professionals and security decision makers in North American companies with 500 or more employees, found that 72 percent of organizations had no solution for preventing data leaks over email and 89 percent of organizations lacked an effective anti-spam solution."

Nothing wrong with that. But, people might read it and focus on the 72 and 89 percent figures without thinking about how the basis makes the percentages vague beyond reason.

Here's what I mean: There are hundreds of thousands - if not millions - of businesses in the USA alone. Toss in Canada and Mexico (which make up North America) and suddenly we're talking about multiple millions of businesses. How many of those companies have over 500 employees? I don't know the precise answer but I am certain that the answer could be summarized as "quite a lot." So the point here is that there's no top end figure regarding employees cited in the press release. So we really don't know what business sizes those "100 IT professionals" for other than companies with "over 500 employees."

It seems to me that if a poll taker can ask "does your company have over 500 employees?" then that poll taker could also ask "how many employees does your company have?"

That said, here's the summary of findings which might be useful to you:

"85 percent of respondents reported that they were very or extremely concerned about data leakage over email. Despite this concern, only 28 percent of those surveyed had implemented a system to prevent those data leaks, while 56 percent planned to do so in the upcoming year."

"The companies surveyed were much more worried about accidental data loss than deliberate leaks."

"28 percent of large organizations reported that their spam complaints had increased by more than 10 percent since the previous year."

"Only 11 percent of organizations surveyed said that their messaging security currently \[blocks 99 percent of all spam\] and 60 percent said that their solution could not provide even 95 percent effectiveness."

"More than half of those surveyed were currently using connection and/or reputation-based technology to drop threats at the network level. However, because many of these companies are not using the latest technology, their solutions are less than 75 percent effective."

"The majority (70 percent) of companies would like a single solution that addresses both inbound and outbound threats."

"Cost-cutting measures are spurring the move toward virtualization, with 34 percent of companies planning to adopt virtual security appliances in the next 12 months."

"Companies continue to be concerned about email-borne malware, including malicious URL links (56 percent), phishing attacks (49 percent) and malicious attachments (47 percent)."

"Over the next 18 months, 40 percent of organizations plant to increase their budgets for information protection and control."

So there you have it.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.