Security Barometer Survey
This "Barometer" survey has been carried out in conjunction with The Register. These surveys, which are completed by a group of self-selecting volunteers from The Register's readership, are aimed at giving a broad-scale view of the perceptions from the "coal face" - from the very people who face the technical problems on a day-to-day basis.
Key Findings
It must be remembered that the findings from this research come from the technical groups within the business community, and that the findings do not, therefore, naturally gel with Quocirca's other research where perceptions from Line of Business people have been canvassed. However, with the sample size that we get from The Register Barometer surveys, the findings are valid within the technical arena - and negative feeling within this group can stop a deal very easily.
IT security is high on the agenda of most companies, and so it should be. There are a number of discrepancies, however, largely driven by psychological factors. Of particular significance is that existing security policies are seemingly doing little to improve the security of organisations. They should not be seen as an end in themselves, and may be in need of urgent review.
- Security understanding is still victim to the fear factor
In this post-downturn age of IT, we would hope that security understanding replicates the increased drive we see towards IT efficiency and effectiveness. However, there is considerable evidence that psychological factors are still as important as they ever were. For example, companies that suffered a security attack in the recent past are significantly more aware that they might suffer a similar attack in the future. Meanwhile, newer threats such as Spyware are - incorrectly - not yet seen as high risk.
- Policy-based security enhances awareness
It should be expected that companies that take a policy-based, proactive stance on security issues, such as companies who have implemented a formal security policy, would be better protected against security threats. The research seems to show that having a full policy and having no policy makes little difference - however, the analysis shows that this is down to lack of awareness of possible threats from those with no policy in place.
- Security threats are being hyped above those of unscheduled downtime
Roughly three times as many respondents had experienced unscheduled downtime due to software or hardware failure, compared to downtime due to security issues. We should not downplay the issues caused by security; indeed, some system failures may be caused by security problems without it being that obvious. However, companies should be treating downtime in the round.
- Security issues are directly impacting individual productivity
Respondents were quick to point out that security issues would have significant or some impact, either on their individual productivity or as a cost to the business. Indeed, over half of respondents considered that they wasted a day or so every month dealing with security issues. This equates to a significant financial cost to industry. A proportion of respondents (at least 10%) have suffered the impact of some kind of security attack in the past three months.