Qualys has published the results of a survey showing that 74 per cent of European senior security executives see the impact of payment card loss on brand reputation as their biggest concern. In addition, the majority of European professionals - over 90 per cent - are already preparing for deperimeterisation.

The polling, comprising only around 80 respondents, was carried out by Qualys in association with the Jericho Forum and featured twelve key questions relating to business issues of importance to senior security executives. Qualys had conducted a similar survey at the CSO Interchange event held at the RSA tradeshow in San Francisco in February. Results highlight key differences between security pre-conceptions of US executives as compared to their European counterparts.

"The fact that the majority see the effect of data loss on brand reputation as their biggest concern not only demonstrates the awareness built by incidents such as the TK Maxx data breach but clearly also reflects on the changing role of CSOs today. No longer are security professionals pure technologists. They are now taking on more responsibility on a corporate level and realise that security needs to be moved higher up the business agenda." Said Philippe Courtot, Chairman and CEO of Qualys, who opened the Jericho Conference.

The survey also shows that European professionals are ahead of their US counterparts in relation to deperimeterisation. 90 per cent believe it will happen in the next five years and that companies will not be operating with a hardened perimeter. In contrast US executives will demonstrate some reliance still on a perimeter for corporate security.

"European organisations have clearly grasped the fact that deperimeterisation will happen in the next five years. It's clear that Europeans are far better prepared to address future security business needs than their US colleagues and are preparing to embrace a perimeter-less future" said Paul Simmonds, Global CISO for ICI and Jericho Forum board member.

However Europeans need to catch up on US counterparts with regard to PCI compliance. Only 39 per cent of Europeans are currently acting on the need for PCI compliance whereas in the US 63 per cent are active. In the US there is greater pressure to drive incidents such as TJX in to the open and in Europe there is no directive on disclosure.

Over 50 per cent of executives both sides of the Atlantic see compliance as the biggest driver in their security strategy.

Other key findings from the survey show:

• sixty-nine per cent of European executives believe that insider threats pose more serious problem than threats from outside the organization. Considering 80 per cent of security budget is spent on strengthening the perimeter this suggests a real need to shift the focus
  
• Europe is more reliant on ISO 17799 with over 82 per cent of professionals using it within their company and 15 per cent of these already certified
  
• in relation to security metrics Europe was somewhat behind with 39 per cent currently defining their metrics and only 29 per cent with mature metrics in place
  
• software-as-a-service is clearly gaining momentum in Europe with 26 per cent of Europeans surveyed already deploying SaaS and a further 29 per cent actively considering it.

"The polling data clearly indicates that both in the US and in EMEA regulatory issues drive the investment in security. It also suggests that European organizations are more aware of the need to rethink how they secure their computing infrastructure in a world that is becoming ever more global and interconnected." said Philippe Courtot, Chairman and CEO of Qualys.

Related links: (Open in a new window.)
www.jerichoforum.org
www.qualys.com

View printable version (opens in new window)
Back