nCircle Survey: Improved Oversight Measures Are Not Reducing US Federal Cyber Risk

SAN FRANCISCO--(BUSINESS WIRE)--nCircle, the leader in information risk and security performance management solutions, today announced results of the nCircle 2012 Federal Information Security Oversight and Legislation Trend Study. The company surveyed over 100 respondents in the federal IT security community, including senior management, IT operations, security professionals, and risk and audit managers from government agencies and contractor organizations.

“These survey results suggest that federal IT security professionals are not seeing any relief from the array of initiatives designed to improve compliance with security standards”

Respondents were asked to provide their opinions on the current threat landscape in the federal government and to give insights into information security oversight and legislation.

Highlights from the study include:

• Of the three distinct categories of attackers, 46% of respondents believe cyber crime is the most significant security threat, 40% believe nation-states are the most significant security threat, and 14% believe hacktivism threats are the most significant.
• Respondents believe that advanced persistent threats pose a greater risk to the public sector.
• 93% of respondents believe data breaches will increase this year.
• 58% of respondents believe government should not regulate cyber security for the private sector.
• 70% say proposed legislation will not improve cyber security in the private sector.
• When asked if CyberScope is helping to ease the burden of FISMA on government agencies, 82% said “no”.
• At least one-third of agencies report they have not yet participated in a CyberStat Review session.
• Only 8% of those who have participated in a CyberStat review say it has improved their agency’s overall security performance.
• Limited budgets are the greatest challenge for the implementation of continuous monitoring programs.
• 49% of respondents recognize that their agency’s continuous monitoring efforts to date have not resulted in measurable reduction of risk.

“These survey results suggest that federal IT security professionals are not seeing any relief from the array of initiatives designed to improve compliance with security standards,” said Keren Cummins, nCircle's director of federal markets. “Continuous monitoring has the potential to dramatically reduce risk and facilitate compliance with FISMA, but these benefits haven’t been realized. Respondents also indicated that federal initiatives like FedRAMP and CyberScope haven’t delivered on their promises yet.”

The online and in-person study was conducted between April 19 and July 6, 2012. nCircle has conducted the annual study for three years and this year decided to add targeted questions to focus on several key federal information security initiatives that have significantly impacted government risk management. To see the complete study, please visit: http://www.ncircle.com/index.php?s=resources_surveys_Federal-Oversight-and-Legislation-Trends-2012

About nCircle

nCircle is the leading provider of information risk and security performance management solutions to more than 6,500 businesses and government agencies worldwide. nCircle solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at http://www.ncircle.com. nCircle is a registered trademark of nCircle Network Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.