A damaging cocktail of low confidence, reduced investment and lack of trust in critical areas of IT is affecting organizations' ability to recover from disruptive incidents such as unplanned downtime, security breaches and data loss, according to new research commissioned by EMC.
Conducted by market research firm Vanson Bourne, the Global IT Trust Curve survey interviewed 3,200 people from 16 countries across a total of 10 private and public industry sectors. Respondents were quizzed on the ability of their organization's deployed security, backup and recovery, and continuous availability technologies, with 50% of respondents being IT decision makers and the other half from the business side.
Based on the responses, EMC categorized organizations into four levels of IT infrastructure maturity. At the lower end, 17% of respondents came out as 'Laggards', followed by 'Evaluators' (41%), 'Adopters' (36%) and, at the front of the pack, 'Leaders' (8%).
Organizations at the lower end of the scale put themselves at a higher risk of security breaches, the survey found. Those in the Laggard segment lost one and a half times more money in the last 12 months as a result of downtime than those in the Leader segment.
RSA Chief Security Architect Rashmi Knowles said that many organizations are still investing in "the wrong anti virus and firewall solutions on the basis that they're prevention technologies".
She said: "We know there is no perimeter any more and companies are investing in tech that's not doing any good - they should be focusing on the threats today. In the public sector, only 20% were considering security analytics or were using it, so there's a long way to go."
The survey showed that risk carried across the board into different parts of the IT estate. 32% of Laggards indicated they had a backup and recovery system in place, versus 55% of Leaders. Similarly, 40% of Laggards use information security (versus 64% of Leaders), and the same percentages arose when asked about deployment of continuous availability solutions.
Overall, 45% of senior executives indicated they lack confidence in their data protection, security and IT availability, and 61% said they have suffered unplanned downtime, a data loss or a security breach in the last 12 months.
Dave Martin, Chief Security Officer at EMC, said that mature companies are better prepared for security breaches, data loss or downtime, although this does not mean they are exempt from setbacks.
He said: "It's fair to say that mature companies will still have the problem. Just because you're a very mature company you can't mitigate all of those issues, but when they do affect you, hopefully your time to recover from that breach or spam would be better."
China ranked as the most mature country, which Knowles put down to "culture and the country's self-reported perception" of IT infrastructure maturity.
She said: "They probably like to think they have all the systems in place, and another reason is that all common impediments we see in this space today - around things like resources, having skilled people and budgets - are to an extent exempt from China today."
The US ranked second, ahead of South Africa in third, and the UK languished in eighth. David Goulden, Chief Operating Officer at EMC, said that the UK's position was likely lower due to its greater capability to report security breaches (versus other countries).
He said: "The UK had double the average reported number of security incidents than other countries. Those in EMEA have a good record of what they're losing - lots of other countries don't realise they've lost data. What we're seeing is much better reporting, so the figures are much higher. The leaders are able to tell us exactly what level of data has been lost."