RSA survey shows security confidence low, but people buy anyway

U.S. and Western European businesses are seeing their online sales grow, but many of them have questions about the security of their networks, according to a survey released Tuesday by RSA Security Inc.

Three-quarters of businesses surveyed said they have completed more online transactions in the last year than previously, and only 1 percent said they saw a decline. But 67 percent of U.S. businesses reported some concern about the vulnerability of their networks, while 37 percent of businesses in the U.K., France and Germany also expressed security concerns.

Results from business and consumer respondents to the survey showed a gap between security confidence and use of the Internet for transactions, said RSA in its first Internet confidence security index.

“The challenge for (security vendors) is figuring out how to close the gap, how to help businesses close the gap,” said John Worrall, RSA’s senior vice president of marketing. “What happens if this is a problem going forward and people have bad experiences?”

The results suggest that both consumers and businesses believe they’re taking some chances by conducting business online, said Art Coviello, RSA’s president and chief executive officer. It is “astonishing to see the extent to which both groups are willing to assume some level of risk,” he said in a statement.

Separately, a survey released by the Business Software Alliance (BSA) found that IT decision makers in North America and Europe have grown more concerned about security over the past two years. Seventy-eight percent of respondents in the BSA survey said they have increased the number of IT security projects, and three quarters said IT security has become a critical part of their business planning.

Of the risks associated with lax information security, IT decision makers were most concerned about losing business due to system downtime, encompassing 81 percent of respondents. Seventy-four percent said legal compliance and liability was a concern, and 73 percent said protecting the value of the secured assets was a concern.

The study, commissioned by BSA and conducted in January by Forrester Consulting, was released Tuesday at the 2006 RSA Security Conference. Forrester surveyed 410 IT decision makers in the U.S., U.K., Canada, Germany and France.

In the RSA survey, 86 percent of U.S., U.K. and French companies consider that their online dealings are “quite,” “very,” or “extremely” secure, but only 64 percent of German business respondents felt the same way.

While 49 percent of respondents said that confidential information is most vulnerable to theft or misuse during transmission of information, 27 percent of businesses cite their organization’s network as a point of vulnerability.

The RSA survey conducted online with 601 business respondents and 603 consumers in the U.S., U.K., Germany and France. The data was gathered in September and December 2005 by Momentum Research Group.