The survey is part of BIT’s InnoSec research project and was conducted among corporate customers of two major players in the Finnish and international security service business: NIXU and Codenomicon. A total of 271 responses were collected from various roles with security experience within the surveyed companies.
The goal of the survey was to investigate 1.) if and how companies measure information security in their operations, and 2.) whether security considerations are perceived as having an influence on the development of products and direction of investments. The following shall give you a glimpse at some of the findings:
Preliminary study results suggest that companies today operate under highly pragmatic, but also promisingly visionary concepts of information security. Pragmatic, because they predominantly use security measurement as a toolset to decrease the risk of security related losses. At the same time many responders showed their visionary understanding of security as a potential opportunity to create and demonstrate the value of their companies’ offerings to the customer.
Study respondents have experiences with security incidents
Half of respondents had experienced security incidents in the past, either in their private life (50,9%) or their companies (40%). (Looking into the causes of these incidents was not part of the study, but interested readers are encouraged to head over to the recently published Verizon Security Report for more information on the subject. ) Given the high level of close-up experience with security incidents it was not too surprising that 89% of survey responders see the main goal of information security in minimizing the potential losses from such incidents.
Measuring Security is an opportunity to demonstrate value
However, security is no longer an exclusively defensive game. 72% of respondents recognized that their customers are asking for security, as part of their value proposition or as a quality attribute in a product. Companies have started to follow this demand from the customers’ side and nearly half (46%) of respondents now agree that Measuring Security is an opportunity to demonstrate value [to the customer or internal organization].
The present: Security influences product development - The future: soon to reflect in pricing
Already today, security considerations influence product development decisions of a large majority (72%) of respondents, but they have yet to be reflected in product pricing. While a mere quarter of respondents state the security issues have influenced their product pricing in the past, 40% agree that security will influence their pricing in the future.
As information security is a rapidly developing field, we seek to re-run and compare the study periodically from here on. The first publication of full results is expected to become available in early Q3 of 2012.
For more information contact christian.fruehwirth(at)aalto.fi