74% of Security Executives Concerned about Impact of Payment Card Data Loss

According to real-time survey conducted at Jericho Forum Conference, InfoSecurity Europe

Over 90% of European security professionals polled believe networks will be deperimeterised in five years’ time

London, UK - April 26, 2007 - Qualys, leading provider of on-demand compliance and vulnerability management, announced today that 74% of European senior security executives see the impact of payment card loss on brand reputation as their biggest concern. In addition, the majority of European professionals, over 90%, are already preparing for deperimeterisation. These and other findings come from a live survey of over 80 security professionals conducted at the Jericho Forum Conference at the InfoSecurity Europe tradeshow on Tuesday.

The polling was carried out by Qualys in association with the Jericho Forum and featured twelve key questions relating to business issues of importance to senior security executives. Qualys had conducted a similar survey at the CSO Interchange event held at the RSA tradeshow in San Francisco in February. The results highlight key differences between the security preconceptions of US executives and those of their European counterparts.

“The fact that the majority see the effect of data loss on brand reputation as their biggest concern not only demonstrates the awareness built by incidents such as the TJ Maxx data breach but clearly also reflects on the changing role of CSOs today. No longer are security professionals pure technologists. They are now taking on more responsibility at a corporate level and realise that security needs to be moved higher up the business agenda,” said Philippe Courtot, Chairman and CEO of Qualys, who opened the Jericho Conference yesterday with a call to action for vendors to support Jericho by rising to the challenge of designing to the Jericho Blueprint.

The survey also shows that European professionals are ahead of their US counterparts in relation to deperimeterisation. 90% believe it will happen in the next five years and that companies will not be operating with a hardened perimeter. In contrast, US executives will still demonstrate some reliance on a perimeter for corporate security.

“European organisations have clearly grasped the fact that deperimeterisation will happen in the next five years. It’s clear that Europeans are far better prepared to address future security business needs than their US colleagues and are preparing to embrace a perimeter-less future,” said Paul Simmonds, Global CISO for ICI and Jericho Forum board member.

However, Europeans need to catch up with their US counterparts with regard to PCI compliance. Only 39% of Europeans are currently acting on the need for PCI compliance, whereas in the US 63% are active. In the US there is greater pressure to drive incidents such as TJX into the open, and in Europe there is no directive on disclosure.

Over 50% of executives on both sides of the Atlantic see compliance as the biggest driver in their security strategy.

Other key findings from the survey show:

  • 69% of European executives believe that insider threats pose a more serious problem than threats from outside the organization. Considering that 80% of the security budget is spent on strengthening the perimeter, this suggests a real need to shift the focus.

  • Europe is more reliant on ISO 17799, with over 82% of professionals using it within their company and 15% of these already certified.

  • In relation to security metrics, Europe was somewhat behind, with 39% currently defining their metrics and only 29% with mature metrics in place.

  • Software-as-a-service is clearly gaining momentum in Europe, with 26% of Europeans surveyed already deploying SaaS and a further 29% actively considering it.

“The polling data clearly indicates that both in the US and in EMEA regulatory issues drive the investment in security. It also suggests that European organizations are more aware of the need to rethink how they secure their computing infrastructure in a world that is becoming ever more global and interconnected,” said Philippe Courtot, Chairman and CEO of Qualys.

About Jericho Forum

See www.jerichoforum.org

About Qualys

Qualys, Inc. is the leading provider of on demand security risk and compliance management solutions. Qualys is the only security company that delivers these solutions through a single software-as-a-service platform. QualysGuard allows organizations to strengthen the security of their networks and conduct automated security audits to ensure compliance with policies and regulations. As a scalable and open platform, QualysGuard enables partners to broaden their managed security offerings and expand their consulting services. Qualys’ on demand solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate view of their security and compliance posture. QualysGuard is the widest deployed security on demand solution in the world, performing over 150 million IP audits per year. For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com