Enterprise Strategy Group (ESG) conducted a web-based survey in 2009 of 175 North American security professionals that focused on their company’s database security and regulatory compliance policies. This research revealed that many large organizations remain severely vulnerable to compliance failures and data breaches. Furthermore, ESG is of the opinion that the research results indicate a clear and present danger to corporate database security.
- 40% of security professionals stated that their organization’s confidential data was sufficiently protected, while 13% believe that data continues to be inadequately protected in their organization.
- 25+% of large organizations devote considerable time and effort on remediating compliance issues, performing audits and working with auditors, while 40+% spend a more reasonable amount of time.
- 37% of those surveyed believed their organizations met regulatory compliance requirements, and 30% said they failed a security/compliance audit within the last three years.
- 22% of those surveyed had at least one data breach within the last 12 months .
- 56% reported confidential data breach incidents in 2008.
ESG’s research hints at a few priorities that could help address vulnerabilities, automate processes, and improve controls.