While 78 percent of large companies say their databases are "critical" or "important" to their business, 40 percent of them don't monitor databases for security purposes.
Those are the primary results of a Ponemon Institute research study released Thursday that surveyed 649 IT executives.
Ponemon's report, titled "Database Security 2007: Threats and Priorities within IT Database Infrastructure" also indicates that 57 percent of the IT executives surveyed admitted their organizations haven't taken "adequate measures" to protect against malicious insiders, and 55 percent acknowledged there had no "adequate measures" in place to prevent data loss.
Eighty percent of the surveyed IT executives said their organizations have more than 100 databases, primarily a multiplatform environment including Microsoft SQL, Oracle and IBM DB2.
The study, sponsored by Application Security, reported that 78 percent of the respondents have corporate IT budgets in excess of US$30 million. According to the study, this segment increased spending for IT security from 17 percent to 23 percent of the total IT budget from 2006 to 2007. Smaller companies were said to have increased security spending from 14 percent to 18 percent of the total IT budget.
The top priority among the IT executives responding was not database security and monitoring for suspicious activity. The most critical priorities the IT executives cited for this year were upgrading existing applications, consolidating IT and improving efficiency.
In its conclusion, Ponemon stated, "Even in the face of frequent, expensive, and highly publicized breaches, respondents have not made protecting customer and employee information a high priority." The research firm added it considered its "observations are preliminary" and would do further research on the topic.