PwClogo
Global Home Careers Press Room PwC Portal Publications About Us Contact Us
  United States
 Quicksearch

Barometer Home
Management Barometer
Trendsetter Barometer
Manufacturing Barometer
Latest News Releases
Hot Topics
Publications
Contact Us


Trendsetter BarometerTM
printPrint-friendly version
Nearly Half of Fast Growth Companies Suffered Information Breaches Or Business Espionage Over Past 12-24 Months, PricewaterhouseCoopers Finds

Budgeting for Information Security Remains Flat


PricewaterhouseCoopers’ “Trendsetter Barometer” interviewed CEOs of 402 privately held product and service companies identified in the media as the fastest growing U.S. businesses over the last five years. The surveyed companies range in size from approximately $5 million to $150 million in revenue/sales.


To read PwC's "Information Security: A Strategic Guide For Business", click here.

NEW YORK, Nov. 24, 2003 Forty-six percent of the nation’s fastest growing companies have suffered a recent breach of their information security, despite beefed-up precautions since 9/11. In most cases, these businesses were victims of computer viruses or worms, with hackers and e-mail the suspected door openers. As a result, 83 percent of victims experienced monetary loss; and nearly one in four, network downtime. What lessons have been learned from this experience? Two-thirds report that information security is important to their company’s near-term profitable growth—and 15 percent are planning budget increases for it this year. Relatively few have identified information security priorities for the next 12 months.
Steps Taken Since 9/11

Many fast-growth CEOs have taken added precautions since September 11, 2001 to protect against terrorism or other threats to their company’s information security:

  • Increased spending to protect IT systems and data
46%
  • Created or updated business continuity/ disaster recovery plans
38%
  • Increased spending to protect intellectual property
31%
  • Increased spending to protect physical property
24%
  • Improved employee background screening
24%
  • Introduced or expanded employee identification
18%
  • Hired more security guards or services
5%
  • Created position of chief security/information officer
5%
“As corporate technology becomes increasingly advanced, information security becomes all the more critical,” said Mark Lobel, Senior Manager—Security and Privacy Services, for PricewaterhouseCoopers. “But it would appear that many surveyed CEOs have only scratched the surface, with relatively light adoption of many of the alternatives available to them.”

Vulnerabilities

Despite any precautions, 46 percent of “Trendsetter” companies have suffered a breach of information security or business espionage over the past 12-24 months:

  • Types of Breaches

    Ninety percent of penetrated companies were victims of computer viruses or worms—with some suffering breaches from other sources, as well. Other vulnerabilities included telecom/unauthorized entry, noted by 17 percent; denial of service by 13 percent; manipulated systems programs by five percent; manipulated software applications by five percent; and mobile/wireless application intrusion by two percent.

  • Sources

    Computer hackers were cited as the means of penetration by 61 percent of the victims, followed by e-mail, 27 percent. Unauthorized users and employees were suspected by seven percent; former employees by three percent; and competitors by two percent.

  • Effects

    Most of the victimized companies (24 percent) suffered network downtime, or unavailable business applications (12 percent). Other effects included financial losses (ten percent), lost or damaged internal records (seven percent), lost or damaged customer records (four percent), intellectual property theft (two percent), identity theft (two percent), and fraud (one percent).

  • Total Value of Loss

    Eighty-three percent of victims reported at least some monetary loss—including five percent incurring high cost, five percent with moderate cost, and 73 percent with low cost. Only 11 percent had no monetary loss, and six percent were uncertain or did not report.

  • Downtime

    Time losses averaged 1.33 days over the past 12 months.

“To stem sophisticated adversaries, companies need a continually updated defense,” said Lobel. “The price of being unprepared or under-prepared amounted to a loss of hard dollars for eight in ten companies surveyed—and the lost time equivalent of more than an extra vacation or sick day for each and every employee in a penetrated company.”

Security Importance and Priorities

Sixty-six percent of “Trendsetter” CEOs cite information security as important to their company’s profitable growth over the next 12-24 months. Further, 79 percent suffering recent breaches or espionage see information security as important, including 48 percent who rate it “very important” or “essential.”

But, is this importance fully reflected in budget allocations? On average, fast growth CEOs expect to spend 1.9 percent of their 2003 operating budget on information security, about the same as they did in 2002 (1.8 percent). Viewed separately, 15 percent will be increasing their expenditure level, and two percent will be decreasing it.

And, more CEOs who have experienced a recent breach or espionage have established information security priorities for the next 12 months:
All
Suffered
Breaches/Espionage
Companies
Any
None
  • Train/retrain staff
30%
35%
26%
  • Define security responsibilities
26%
29%
24%
  • Develop security policy and standards
25%
25%
24%
  • Form incident response policy
20%
21%
20%
  • Create data ownership/ classification standards
20%
23%
18%
  • Establish policy for outsourced applications
12%
15%
10%
  • Add qualified staff/guards
6%
7%
5%
“Unless more attention is given to information security budgets and priorities, many of these fast growth companies could be placing themselves at risk,” said Lobel. “This situation may be like replacing your windshield wipers—you’re wise to change them on a sunny day, to be prepared for a rainy one.”

PricewaterhouseCoopers’ “Trendsetter Barometer” is developed and compiled with assistance from the opinion and economic research firm of BSI Global Research, Inc.

PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services for public and private clients. More than 120,000 people in 139 countries connect their thinking, experience and solutions to build public trust and enhance value for clients and their stakeholders. “PricewaterhouseCoopers" refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.

If you have a question about this “Trendsetter Barometer” survey, please contact Pete Collins, survey director and publisher, at 646-394-4496 or e-mail to: pete.collins@us.pwc.com

For more information about Barometer surveys, including recent economic trend data and topical issues, please visit our web site: www.barometersurveys.com



For additional information contact:
Pete Collins, 646-394-4496;
E-mail: pete.collins@us.pwcglobal.com
 Resources

  Charts

  Publications
PwC Publications
Featured Publications


top print



powered by BSI | interactive   
© 2010 PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.