Even though a majority of IT managers have reported an increase in attacks since last fall -- through phishing e-mails, Web sites laced with malicious code or, to a lesser extent, disgruntled rogue employees and organized crime -- 57 percent of managers surveyed said they expect their top challenge in the next year to be "budgetary constraints."
The survey covered around 150 C-level executives and managers in charge of security infrastructures for their companies.
"Companies tend to focus too much on the spectacular attacks (zero-day and organized crime) versus the mundane but extremely costly attacks (phishing, malware)," said Andreas Antonopoulos, Senior Vice President and Founding Partner at Nemertes Research, in a statement. "Security controls should be driven by risk/reward calculations that soberly evaluate the impact on the business, rather than sensationalist media reports. Security professionals know where the real threats are but often find it difficult to quantify and explain the risks to senior management."
IT managers are also worried about lack of employee education, lost or stolen devices, employee mistakes and getting their bosses' buy-in for security, the survey said.
But cuts in corporate budgets don't necessarily match the managers' concerns. Around 20 percent said they expect to have to bypass or curtail investments this year in encryption, authentication, application security, telecom security and protection against denial-of-service attacks by hackers.
Fifteen percent expect fewer investments in wireless security and endpoint security, and eight percent said investments in e-mail security will likely be cut.