According to a recently released study conducted by The Strategic Counsel and sponsored by CA, company that specializes in providing IT management software solutions, while external security threats are going down, insider related ones are increasing. In the last year alone, consumer discontent in regard to data loss incidents has increased by 65%, 10% more than in 2006.

Lina Liberti, Vice President of CA, comments: "The survey points to an increase in the severity of consequences of internal breaches. The implications are now tied squarely to dollars and reputation. The potential aftershocks of an internal breach have the attention of both the business and the IT organization, and for enterprise organizations the priority has now shifted from reactive to proactive security strategies to deal with this threat."

The study reports that data loss incidents affect an organization on an additional three levels: "loss of productivity, loss of trust, and embarrassment". In 2008, the loss of productivity has increased by 9%, reaching a total value of 61%. Regarding the loss of trust, the figure reported for 2008 is of 35%, 5% more as opposed to 2006. The embarrassment factor shows a similar 5% increase, reaching a value of 33% in 2008.

It seems that while external security threats are kept in check, and even show signs of decrease, internal ones have increased by 2% in 2008. Out of all the survey respondents, a total of 44% have indicated that internal breaches represent one of the biggest security challenges the company has to face. The same respondents have stated that virus, network and denial-of-service attacks have gone down. Virus attacks by 9%, network attacks by 10% and DoS attacks by 14%.

The study has also shown that the amount of money companies are willing to invest in IT security is on the increase. Corporations are spending about 20% more on IT security and IT security compliance. Still, about a third of security executives consider this amount insufficient and believe further funding is in order.

The most recent case of IT security being put in jeopardy by an insider is the one related to the San Francisco disgruntled network admin.