Gartner Says the Cost of a Sensitive Data Breach Will Increase 20 Percent per Year Through 2009

Analysts Examine Security, Risk and Compliance Threats During Gartner Symposium/ITxpo 2007, October 7-12, in Orlando

STAMFORD, Conn., October 8, 2007 — Financially motivated targeted attacks are becoming more prevalent and new vulnerabilities continue to be reported, but 90 percent of these attacks can be avoided without requiring any increase in security spending, according to Gartner, Inc. However, ensuring one’s enterprise is not part of the 10 percent requires implementing security processes to monitor and manage vulnerabilities and provide strong identity and access management capabilities.

Gartner analysts discussed the critical technology and organizational “dos and don’ts” for successful enterprisewide security at Gartner Symposium/ITxpo 2007, which is taking place here through October 12.

“The biggest attack risk to enterprises comes from targeted attacks,” said John Pescatore, vice president and distinguished analyst for Gartner. “In addition, phishing and identity theft attacks have caused the rise of ‘credentialed’ attacks, in which the attacker uses the credentials of a legitimate user.”

“Malicious software (malware) attacks also allow internal executables to be used to forward information to an external attacker,” Mr. Pescatore said. “Being aware of ‘inside out’ communications and being able to block those as effectively as ‘outside in’ is becoming increasingly important. Security strategies must reduce the cost of dealing with mass attacks to free up investment and personnel resources to evolve capabilities for dealing with these more-complex targeted attacks.”

Gartner analysts estimate that the cost of a sensitive data breach will increase 20 percent per year through 2009.

While mass attacks such as worms and viruses have continued, the investments that enterprises have made in intrusion prevention, vulnerability management and network access control have paid off, as those simple mass attacks have succeeded much less often. However, the attackers are now more financially motivated and have launched new waves of attacks that, when successful, cause enormous damage to the bottom line, but that often go unreported.

Gartner says that the average enterprise is spending more than 5 percent of the IT budget on security and close to 12 percent, if disaster recovery spending is included. However, Gartner has seen little or no correlation between enterprises that spend the most on security and enterprises that are the most secure. While there are definite areas that require additional investment, there are just as many areas of security that can be done more efficiently.

“The most effective ways to become more secure while reducing security spending are to avoid vulnerabilities — to ensure that security is a top requirement for every new application, process or product, whether built in-house or acquired from a vendor,” said Ray Wagner, managing vice president for Gartner. “Just as important is understanding where security funds are being spent and where that spending is effective or ineffective. Security metrics should be established for all major security spending areas.”

The approach to security needs to move from a reactive approach to a mix of strategic planning and rapid tactical execution. “The key is to identify major technology changes and start taking steps to reduce the cost of dealing with today’s mature threats — viruses, worms and denial-of-service attacks — to free up funding and manpower to influence the new systems and business processes that are being built today and that will bring on the next generation of threats,” said Mr. Pescatore.

About Gartner Symposium/ITxpo

Contact:
Christy Pettey
Gartner
+1 408 468 8312
christy.pettey@gartner.com

About Gartner:
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,000 associates, including 1,200 research analysts and consultants in 80 countries. For more information, visit www.gartner.com.