This marked the highest reporting percentage for large US companies since 2005, according to the annual survey of 350 IT managers and network administrators conducted by Amplitude Research for VanDyke.
For other sizes of companies, the proportion reporting an unauthorized intrusion was fairly steady, according to the survey.
Among midsize companies (1000 to 4999 US employees), the proportion reporting an intrusion was 57% in 2009 and 59% in 2010. For small companies (100 to 999 US employees), the proportion reporting an intrusion was 45% in 2009 and 43% in 2010. For "micro-size" companies (fewer than 100 US employees), the proportion reporting an intrusion was 25% in 2009 and 25% in 2010.
For the first time in the annual survey, respondents were asked to describe what they thought was the cause of the intrusion. Hacker/network attack was the most common source of intrusion (14%), followed by lack of adequate security policies or measures (12%); employee web usage (10%); virus, malware, or spyware (9%); employee carelessness (8%); disgruntled employee (6%); weak password policy (5%); lack of software updates (5%); and software security flaw (5%).
IT managers and administrators were asked what the biggest intrusion risks are for the future. Respondents identified the following threats: viruses, spyware, malware, trojans, worms, and spam (25%); hacking (17%); user error, carelessness, uneducated about security (12%); disgruntled employees, internal unauthorized access, and sabotage (5%); and theft, loss of data, information, and leaks (5%).