INFORMATION SECURITY:
A SURVEY OF IT PROFESSIONALS
Dimensional Research
September 2011
Introduction
The threat of technology-based security attacks is well understood, and IT organizations have tools and processes
in place to manage this risk to sensitive corporate data. However, social engineering attacks are more challenging to
manage since they depend on human behavior and involve taking advantage of vulnerable employees. Businesses
today must utilize a combination of technology solutions and user awareness to help protect corporate information.
The following report, sponsored by Check Point, is based on a global survey of 853 IT professionals conducted in
the United States, United Kingdom, Canada, Australia, New Zealand, and Germany during July and August 2011.
The goal of the survey was to gather data about the perceptions of social engineering attacks and their impact on
businesses.
Key Findings
Sponsored by
www.dimensionalresearch.com
September 2011
Detailed Findings
[Chart: awareness levels (Highly aware, Aware, Somewhat aware, Never heard of it) for All IT Professionals and Security Professionals; axis 0% to 70%]
[Chart: Yes, 43%; Not that I am aware of, 41%; Never, 16%]
The highest rate of social engineering attacks (61%) was reported by participants who work in energy and utilities.
Nonprofits experienced the lowest level of social engineering attacks (24%).
[Chart: bar chart, axis 0% to 60%; surviving labels: Competitive advantage, Other]
Motivations for social engineering attacks varied slightly in different countries. Australians (61%) and Americans
(52%) were the most likely to cite financial gain as a motivation. Germans reported more revenge-motivated attacks
(18%), while Canadians were more likely to experience attacks motivated by competitive advantage (54%).
[Chart: surviving labels: All companies, Less than 5 times, 5-24]
[Chart: cost ranges (Less than $10,000; $10,000 - $25,000; $25,000 - $50,000; $50,000 - $100,000); surviving series label: All companies]
Across industries, financial services and manufacturing reported the highest average per-incident cost, and
educational institutions and non-profits reported the lowest costs.
[Chart: risk levels (High risk, Low risk, No risk) for New employees, Contractors, Executive assistants, IT personnel]
[Chart: surviving labels: Phishing emails, Social networking sites, Other]
[Chart: bar chart, axis 0% to 60%; labels: Trojans, Phishing, Targeted threats, Botnets, Drive-by downloads, Other]
Survey Methodology
In July 2011, an independent database of IT professionals was invited to participate in a Web survey on the topic
of social engineering and information security sponsored by Check Point. A total of 853 respondents across the
U.S., UK, Canada, Australia, New Zealand, and Germany completed the survey, all of whom had responsibility for
securing company systems. Participants included IT executives, IT managers, and hands-on IT professionals and
represented a wide range of company size and industry verticals.
[Chart: IT executive, 30%; IT manager, 41%]
[Chart: IT security is a part of my job, 69%; IT security is my entire job, 31%]
[Chart: Company Size: Less than 100, 7%; 100-1,000, 35%; 1,000 - 5,000, 29%; 5,000 - 15,000, 15%]