Study: E-Biz Worries More About Consumer Confidence Than Security Losses

Just over 12 percent of U.S. companies with a Web presence said that they have suffered direct financial losses due to an online security breach, but more than 40 percent said they are more worried about how online security invasions will affect their customers, according to Jupiter.

"While Code Red and other highly-publicized security breaches have filled headlines, most Web site managers are not particularly concerned about the security of their site's data," Jupiter senior analyst and research director David Schatsky said.

Customers First

While maintaining consumer confidence in the face of security issues is important, Jupiter analysts said, failing to ensure that e-business security programs provide direct financial value to the company is contributing to poorly planned online security spending.

According to the report, titled "Enterprise Security: Managing Services for Maximum Coverage," enterprises should outsource a significant portion of their Web site security technology in order to stay safe -- and under budget.

"There is a fundamental lack of understanding out there when it comes to the gravity of security breaches," Schatsky said. "As businesses consolidate their enterprise data, it becomes easier for attackers to reach. Even if files on the Web server itself are relatively inconsequential, a hacker can reach through customer-facing applications to data used by other systems."

Do-It-Yourself Risk Management

According to an executive survey conducted by Jupiter, 49.5 percent of Web site managers and chief information officers (CIOs) consider the sensitivity of their site's data to be "low." Jupiter analysts believe that those e-businesses are dramatically undervaluing their assets.

Nearly a third of these managers and CIOS classify their data sensitivity as "high," Jupiter said.

The survey also indicated that 29 percent of Web site managers and CIOs rate their risk of attack as "low." According to Jupiter, any business "bothering to support a Web site should be concerned about an attack, and those who admit that their data is valuable to others should be doubly concerned."

Stay Current

Although electronic security issues should be monitored and managed internally, businesses need expert advice, the latest technology and a 24-hour emergency response team to make it work, Jupiter said.

"Do-it-yourself security is short sighted," Schatsky said. "If you're talented and lucky, you can get by in a pinch, but it's going to catch up with you."

The new Jupiter report is based in part on an executive survey conducted in July. In preparing the report, Jupiter compiled the responses of nearly 500 information-technology executives -- including CIOs, chief technology officers, and vice presidents of IT -- all of whom work for companies with annual revenues of US$50 million or more.