89 percent of ANZ organisations face cyber attack

Symantec study finds 43 percent of ANZ IT executives rate security their number one issue

Australian and New Zealand organisations are more likely to be the targeted by cyber attacks than the global average, according to new research from security software maker Symantec.

According to the company's State of Enterprise Security study for 2010, 75 percent of global organisations report such attacks while 89 percent of ANZ organisations report being targeted. However, according to a separate split of the data for New Zealand, all the organisations responding to the survey from here reported being targeted.

Thirty six percent of organisations globally and 34 percent in ANZ rated these attacks as somewhat or highly effective, while attacks cost global businesses an average of US$2 million a year.

The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries conducted in January 2010. 75 responses were from New Zealand and 125 from Australia.

It also found that 42 percent of the IT executives surveyed globally and 43 percent in ANZ rate security their top issue.

Organisations reported that enterprise security is becoming more difficult due to understaffing while new IT initiatives are also making security harder to achieve. These include technology changes such as infrastructure-as-a-service. platform-as-a-service, server virtualisation, endpoint virtualisation and software-as-a-service.

The top three reported losses globally were theft of intellectual property, theft of customer credit card information or other financial information, and theft of personally identifiable information.

In ANZ, the top three reported losses were theft of corporate data, at 53 percent; theft of personally identifiable information, at 53 percent, and identity theft, at 37 percent. These losses translated to monetary costs 92 percent of the time.

Craig Scroggie, Symantec's vice president and managing director for the Pacific region, says most ANZ organisations now believe security budgets will increase year-on-year, while moves to introduce data breach notification laws in the region will only put more focus on the issue of information security.

Scroggie says a risk-based approach to securirty is required, where investment is targeted at keeping the most sensitive information types secure rather than paying for high levels of security for all kinds of information.

"Organisations can't deliver the same level of security everywhere and have to prioritise," he says. He adds that automation, real-time attack information and improved patch distribution are required.

Scroggie says attacks usng malicious code, such as the Conficker virus attacks earlier this year and most recently at Waikato District Health Board, are growing fastest in ANZ.