Protecting sensitive data is not the top security concern of e-comm businesses

BANGALORE, INDIA: Most people would imagine that protecting payment data would be the top priority for any business that deal primarily in online financial transactions. But according to a Kaspersky Lab survey of more than 3,900 IT professionals worldwide, Financial Organizations (banks and service providers) and e-Commerce providers (online retailers) don’t see the protection of financial information as more important than any other business…and in some cases, they believe it’s much less important than average.

Financial Institutions Step Up, E-Commerce Falls Down

According to the survey, e-Commerce as an overall industry segment pays significantly less attention to guarding sensitive payment information and protecting their systems from IT security breaches. This seems highly counter-intuitive from what might be expected of a company that exists solely to process online transactions, but the responses regarding almost all aspects of e-Commerce security were notably lower than the average responses of traditional businesses.

For example, the survey asked each business about the top concerns of the IT department…

The highest overall response was “Protecting highly-sensitive data (including financial information) from targeted attacks,” an answer given by an average of 34% of businesses.  The responses from the e-Commerce segment were lower than this average, at 28%.

The second-highest overall priority of the IT department was “Preventing IT security breaches,” given by 29% of all businesses.  Again, the responses from the e-Commerce section were lower than average, at 22%.

Another high-ranking concern for the IT department was “ensuring continuity of service for business-critical systems,” cited as a top concern by 23% of businesses overall.  E-Commerce again came in lower than average at 19%, which is shocking since their entire revenue stream could be cut off by a DDoS attack.

It should be noted that the e-Commerce segment wasn’t just “lower than average” for these questions…the e-Commerce segment’s responses were the lowest of all business segments. So if the IT departments of e-Commerce businesses aren’t focused on preventing targeted attacks, data breaches, or network outages, then what are they focused on?  “Client Management” was the one response that e-Commerce businesses ranked far higher than any other business (34%, compared to an average of 17%).

But  ….

“Protecting highly-sensitive data (including financial information) from targeted attacks,” was the top IT security concern, cited by 34% of businesses.  Financial Institutions rated this as a top concern by 38% of Financial Institutions, the second-highest response rate.

“Preventing IT security breaches,” rated as a top concern by 29% of all businesses was rated at 30% by Financial Institutions, again the second-highest response rate for this task.

“Ensuring continuity of service for business-critical systems,” cited as a top concern by 23% of businesses overall, was cited by 26% of Financial institutions, again the second-highest response rate for this task.

Other Differences (And Occasional Similarities) in Attitudes

These differences in attitudes towards the security of financial information was evident in other questions as well.  When asked “What type of data loss would be most potentially damaging,” unsurprisingly, Financial Institutions ranked “financial information” the second-highest rating of any business segment at 24%, while e-Commerce gave this response only a 7% response rate.  When the all the responses were added up, the survey found that 37% of Financial Institutions rated any sort of internal or customer financial data as the most damaging type of data they could possibly lose, the highest response rate of all business segments.  Once again, e-Commerce lagged behind at 21%, the second-lowest.

An interesting convergence of opinions occurred around responses less focused on financial information and more focused on customer information in general.  Losing “customer/client information” was ranked as highly-damaging by 29% of Financial Institutions, and this time, e-Commerce wasn’t as far behind at 21%.  But by far, the biggest divergence on this question involved the importance of intellectual property.  E-Commerce businesses rated “intellectual property” and “market intelligence/competitive intelligence” as the two types of data they fear losing the most, and rated these higher than any other segment at 21% and 18%, respectively.  In comparison, “intellectual property” was rated as data they “most feared” losing by only 7%, of Financial Services businesses, with “market intelligence/competitive intelligence” at 9%.