IBM survey on cybercrime shows IT managers wary

Network World - In a survey of 600 IT managers in the U.S. regarding their views on cybercrime, IBM found that three quarters of them believe threats to corporate security now come from inside their own organizations.

That, and other findings published by IBM on Tuesday, indicate a deep wariness about insider threats as well as attacks arising from outside the company. According to the interviews, which were conducted by Braun Research on behalf of IBM, there's a shared belief among 84% of those surveyed that organized criminal groups with technical sophistication are replacing the lone hacker as the main threat from the outside.

In addition to the U.S.-based research, which took place from December 2005 to January, IBM also had Braun Research conduct a survey of 2,401 IT executives at international businesses in 16 countries, including China, the U.K., India, Russia, Poland, Germany, Japan and Canada, to compare the perspectives elsewhere.

According to IBM, one difference of opinion between IT managers in the U.S. and their counterparts in other countries is that 83% of U.S. businesses "boast that they have adequate safeguards in place to combat organized cybercrime." That is in contrast to just 53% of their international counterparts claiming to have such safeguards in place, IBM says.

The measures that U.S. IT managers regarded as most important to prevent cybercrime are as follows: keeping antivirus software and firewalls up to date, using intrusion detection and prevention (IDS/IPS) technologies, and implementing vulnerability/patch management on their networks.

International IT managers put slightly more emphasis on using IDS and IPS, and far more on file encryption (18% of the international businesses surveyed thought this to be a high priority, while only 7% of U.S. businesses did).

The majority of IT executives in the U.S. and internationally regarded loss of revenue and loss of customers to have the highest cost impact should their companies fall victim to cybercrime.

However, damage to brand and reputation loomed larger in the minds of international IT managers (cited by 69%) than those in the U.S. (cited by only 40%).

Meanwhile, legal fees to cope with cybercrime worried U.S. IT managers more (33%) than those internationally (19%).

IBM also tallied the responses according to industry sector in the U.S. According to the survey, 50% of the finance industry's respondents are more concerned about cybercrime in comparison to physical crime. That compared with 38% from other industries, including manufacturing, retail and health care.

Reprinted with permission from

For more information about enterprise networking, go to NetworkWorld.com
Story copyright 2009 Network World, Inc. All rights reserved.