When it comes to intrusions, size matters
A survey of enterprise IT managers and network administrators that has been conducted annually since 2005 shows that there has been a gradual increase in smaller enterprises experiencing intrusions of their user machines, office network, and/or servers, while intrusion rates for large enterprises have fluctuated in the last three years.
According to this year’s findings from the seventh annual survey of 350 IT managers and network administrators executed by Amplitude Research, half of small enterprises experienced an intrusion of their user machines, office network, and/or servers versus 36% in 2005.
Meanwhile, intrusion rates experienced by large enterprises have been up and down the past three years, but this year there was a significant decline among large companies reporting a successful intrusion from 67% in 2010 to 49% in 2011.
In the previous year’s study, a significant increase of intrusions among large companies was reported, jumping from 41% in 2009 to 67% in 2010. However, the number of large companies that reported an intrusion declined from 56% in 2008 to 41% in 2009.
The last four years survey results were steady among midsize companies: 58% in 2011, 59% in 2010, 57% in 2009, and 61% in 2008 reported an intrusion. Yet “steady” is not necessarily good news, as more than half of those representing midsize companies reported an intrusion.
“Among small companies, 50% in 2011 reported a successful intrusion,” said Steve Birnkrant, CEO of Amplitude Research. “This was not significantly higher than in 2010, when 43% of small companies reported a successful intrusion. However, the 2011 result was significantly higher than in 2005, when 36% of small companies reported a successful intrusion. This suggests that the risk of intrusions for small companies has been growing gradually over many years.”
Birnkrant added that intrusions experienced by enterprises were not trivial matters. “It was still true in 2011, as in 2007 through 2010, that the intrusions reported often had a potentially ‘high’ or ‘medium’ financial impact and/or intruders may have obtained sensitive information,” said Birnkrant.
The survey defined “small” enterprises as those with 100 to 999 U.S. employees (those with fewer than 100 employees were labeled “micro-sized”); “midsize” with 1,000 to 4,999 employees; and large enterprises with 5,000 or more employees.