45% of IT decision-makers surveyed report lost or stolen intellectual property could put job on the line

Issued by Global Research Partners for SecureData
Johannesburg, 14 Jun 2005

SecureData, a member of the JSE-listed ERP.com Group and a southern African distributor for Websense, today announced the latter's results of its Stress of Security study, which is part of Websense's annual Web@Work survey conducted by Harris Interactive.

From 21 to 28 February 2005, 354 US IT decision-makers who work for organisations with at least 100 employees were interviewed online and from 28 February to 21 March 2005, 500 US employees who have Internet access at work and who work for organisations with at least 100 employees were surveyed over the telephone on IT security in the workplace.

According to the 2005 Stress of Security Survey, 25% of IT decision-makers surveyed reported that protecting their company against malicious Internet security threats, such as viruses or spyware, is more stressful than a minor car accident. 13% stated that it is more stressful than starting a new job. Furthermore, when asked about security breaches and the effects on their employment status, 45% of IT decision-makers surveyed believed that lost or stolen intellectual property as a result of an Internet security breach could put their job on the line.

As spyware infections can be difficult to detect and may lead to the loss of confidential personal or financial data, it's no surprise that the vast majority (65%) of IT decision-makers surveyed said spyware has caused security problems for their companies in the past year, making spyware the most common problem experienced. However, despite the high understanding of IT regarding the prevalence of spyware and the danger it can present to their corporate networks, many employees are completely unaware of spyware and its associated security risks. For example, only 9% of employees surveyed said they have ever visited any Web sites at work that contain spyware; yet 93% of IT decision-makers surveyed estimated that their organisation has been infected by spyware.

Viruses also present a critical security concern for companies, as 41% of IT decision-makers surveyed stated that system downtime due to viruses could also potentially put their jobs at risk. To protect their organisations from virus outbreaks, the overwhelming majority of IT decision-makers rely on anti-virus technology - 91% surveyed said they are at least somewhat confident that their company's current anti-virus software is able to stop viruses from attacking their company's network. Nevertheless, 51% of IT decision-makers surveyed said their companies have been infected by a Web-based virus such as the Bagel Worm or JS Scob. Furthermore, 16% said the virus took a week or more to remediate.

The survey also exposed a false sense of security for IT decision-makers and employees alike on the issue of unmanaged laptop usage. For example, of those surveyed, large majorities of IT decision-makers (75%) and employees who have a work-owned laptop (89%) said that employees are the ones responsible for how corporate laptops are used when removed from the network. Yet 86% of IT decision-makers surveyed admitted that employee usage of corporate laptops outside the office and then reconnected to the company network can lead to increased security risks, such as viruses or spyware. Moreover, 63% of employees surveyed who use a work-owned laptop confessed they've engaged in non-work related activities on their work laptop when disconnected from the corporate network, including personal surfing (56%) and managing/storing personal photos (28%), as well as sharing their laptops with family and friends (19%).

"Defending the corporate network from the escalating number of Internet security threats can be extremely stressful for even the most prepared IT staff, as many online dangers, such as spyware or keylogging applications, can be nearly impossible to detect, and most employees are simply not aware of the risks," commented Curt Staker, President of Websense. "What's more, many employees might be faced with too much responsibility for their own IT security-especially for unmanaged corporate laptops which are used outside the company firewall. Websense fills these critical time and technology gaps left by existing security measures such as firewalls and anti-virus software."

2005 Stress of Security Survey results:

Stress due to security breaches. 25% of IT decision-makers surveyed felt that protecting their company against malicious Internet security threats is more stressful than a minor car accident, and 13% believed it is more stressful than starting a new job.

Job risk due to security breaches. When IT decision-makers were asked which security breaches could potentially put their job at risk, the most common responses were lost or stolen intellectual property (45%), system downtime due to viruses (41%), breached Internet security (36%), and legal threats due to materials pirated by employees (34%).

Internet security threats. IT decision-makers surveyed cited spyware most often as the leading cause of security problems in the past year for their organisations (65%), followed by employee use of bandwidth-clogging applications (42%), employee use of unlicensed/unsanctioned software (39%), and phishing attacks (32%).

Spyware. Only 9% of employees surveyed said they have ever visited any Web sites at work that contain spyware; however, 93% of IT decision-makers surveyed estimated that their organisation has been infected by spyware at some point. IT decision-makers surveyed estimated that an average of 35% of workstations have at any time been infected by spyware, up from 29%, according to the 2004 Web@Work survey. 43% of IT decision-makers surveyed indicated that the number of spyware-infected workstations at their organisation has increased in the last 12 months.

Hacking. 12% of IT decision-makers surveyed reported that their company has had employees launch a hacking tool within their network.

Effectiveness of anti-virus. 91% of IT decision-makers surveyed said they are at least somewhat confident that their company's current anti-virus software is able to stop viruses from attacking their company's network, yet 51% of IT decision-makers surveyed reported their company has been infected by a Web-based virus such as the Bagel Worm or JS Scob. 16% said the virus took a week or more to remediate.

Laptops. 29% of employees surveyed have a work-owned laptop, and 59% of these respondents have used their work laptop to connect to a wireless or hotel network when travelling. 75% of IT decision-makers surveyed believed that employees are responsible for how corporate laptops are used when they are taken out of the office, while 89% of employees surveyed who have a work-owned laptop felt employees were responsible.

63% of employees surveyed that use company-owned laptops admitted to engaging in non-work-related tasks on their laptops when disconnected from the corporate network. The most common activities engaged in are: personal surfing (56%), managing/storing personal digital photos (28%), and sharing the laptop with family or friends (19%). An overwhelming majority (86%) of IT decision-makers surveyed believed that corporate laptops used outside the office and then reconnected to the company network pose a security risk. Viruses (88%), spyware (79%), and installation of non work-related spyware (78%) were the most frequently cited reasons why.

Portable devices. 13% of employees surveyed admitted they have used a portable storage device, such as a USB device, to download company information. However, 65% of IT decision-makers surveyed indicated that their employees have used a portable storage device such as a USB device to download information.

Compliance. 51% of IT decision-makers surveyed reported their companies have had their information security policies influenced by compliance issues brought about by government regulations, such as the Graham-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX), and the Health Insurance Portability and Accountability Act (HIPAA). Not surprisingly, larger companies tended to be more affected.

Web@Work Survey

Web@Work is a comprehensive annual survey of Internet and application usage in the workplace. By surveying both employees and IT decision-makers, the study reveals unique insights on employees' surfing habits as well as IT decision-makers' perspective on the top network problems facing today's organisations. Web@Work is commissioned by Websense, Inc and conducted by Harris Interactive. This is the sixth annual Web@Work survey.

Survey methodology

Data for these surveys were collected by Harris Interactive on behalf of Websense. Harris Interactive is solely responsible for the online and telephone data collected and Websense is responsible for the data analysis. Both parties collaborated on the survey questionnaire.

The employee survey was conducted by telephone within the US between 28 February and 21 March 2005 among a nationwide cross sample of 500 adults aged 18+ who have Internet access at work and work at a company with at least 100 employees. The IT decision-makers survey was conducted online within the US between 21 February and 28 February 2005, among a nationwide cross-section of 354 IT decision-makers in companies with more than 100 employees. Data are not weighted and are representative of those employees and IT decision-makers surveyed.

In theory, with probability samples of this size, one can say with 95% certainty that the overall employee results have a sampling error of plus or minus four percentage points and the overall IT decision-maker results have a sampling error of plus or minus five percentage points. Sampling error for the results of employees who have a work-owned laptop (145) is +/-9%. This online sample is not a probability sample.

Harris Interactive

Harris Interactive Inc (www.harrisinteractive.com), the 15th largest and fastest-growing market research firm in the world, is a Rochester, New York-based global research company that blends premier strategic consulting with innovative and efficient methods of investigation, analysis and application. Known for The Harris Poll and for pioneering Internet-based research methods, Harris Interactive conducts proprietary and public research to help its clients achieve clear, material and enduring results.

Harris Interactive combines its intellectual capital, databases and technology to advance market leadership through US offices and wholly owned subsidiaries: London-based HI Europe (www.hieurope.com), Paris-based Novatris (www.novatris.com), Tokyo-based Harris Interactive Japan, through newly acquired WirthlinWorldwide, a Reston, Virginia-based research and consultancy firm ranked 25th largest in the world, and through an independent global network of affiliate market research companies.

For further information, please contact Willem Barnard at telephone (011) 257 8600; fax (011) 257 8699; e-mail willemb@securedata.co.za.

Websense

Websense, Inc, is the global leader in Web filtering, and a premier provider of web security software, and is preferred by leading Fortune 500, and FTSE 100 customers, as well as government agencies and educational institutions.

Websense products increase employee Internet productivity and secure organisations from emerging Internet threats by providing a proactive Web security component that complements traditional security solutions. Only Websense delivers flexible, integrated policy enforcement at the Internet gateway, on the network and at the desktop. Websense provides solutions trusted by more than 24 000 customers and 19.8 million employees worldwide.

SecureData

SecureData, an ERP.com company, is Africa's Premier IT security solution provider. SecureData's solutions incorporate anti-virus and content security, network security, intrusion prevention software and network asset management.

SecureData's comprehensive "Managed Security Services" include design, audit, implementation, vulnerability assessment, outsourcing and hosting. SecureData distributes, sells and supports category leading IT security products to the public, corporate and SME sectors throughout Africa as well as products and services to the SOHO and consumer markets through partnerships with ISPs. As well as being the sole distributor in Sub-Saharan Africa for Trend Micro, SecureData is the African distributor for US-based TippingPoint Technologies and the southern African distributor for US-based Application Security, eEye, Rocket Software, RSA Security, St Bernard and Websense; and UK-based Centennial. For more information, visit SecureData at www.securedata.co.za.

ERP.com

ERP.com is a JSE-listed company focused on the implementation, integration and management of enterprise applications in an e-business environment. For more information, visit ERP.com at www.erpcom.co.za.

Editorial contacts