Organizations on average assigned 120 staffers to IT and compliance matters, with larger enterprises of 5,000 or more assigning 232. But much of the time this was seen as insufficient, with 51% of respondents saying finding qualified applicants was a "huge" or "big" problem.
Difficulty in finding the right expertise was a driver in all manner of outsourcing, including use of managed security services, which about half the organizations used. But only about half were truly "satisfied" with outsourcing arrangements, even as they contemplated expansion into software-as-a-service, platform-as-a-service, and infrastructure-as-a-service, which Symantec defined as everything from use of Google Apps to full-blown hardware and operating system rental on demand, making up today's evolving concept of "cloud computing."
In fact, 40% of the respondents indicated their organizations were currently using applications in the cloud in some way -- yet 40% said it would be more difficult to prevent or react to data loss under their firm's cloud-computing strategy.
And when asked "Does your cloud-computing strategy make the risk of losing data bigger or smaller?" 38% said it would be higher, with the reminder pretty much split saying it would be the same or lower. The answers broke the same way on the question of virtualization strategy.
When it comes to cyberattacks and data loss, the situation looks bleak based on the responses in the report.
Three quarters of respondents said their organization had experienced cyberattacks in the past 12 months, with 36% calling them "somewhat/highly effective." The annual cost of a cyberattack was pegged at more than $2 million for large enterprises when tallying up lost productivity, theft of intellectual property, loss of customers, legal fees and more.
"Every day we see new viruses, new spyware, new backdoors. It is beyond crazy," one IT director is quoted as saying. The survey showed the most frequent types of attacks were malware implantation, social-engineering ploys and denial-of-service (DoS) attacks.
On average, Web properties were targeted twice last year with the implanting of malware, and also suffered one significant DoS attack and one theft of information.
Data losses were attributed to numerous sources, including outsiders (20%) and accidental insider actions (15%).
Healthcare providers specifically reported 58% of data loss was accidental exposure of patient information, 22% was theft, with identity theft and even malware attacks on medical equipment a problem as well.
Patching is regarded by 87% of the respondents as one of the most effective measures to ward off cyberattacks, with about three quarters also putting trust in perimeter security and authentication processes, along with antimalware controls.