Most Corporations Don't Trust That Their Web Applications Are Secure

October 17, 2007; 05:16 AM

SANTA CLARA, CA-- Cenzic, Inc., the leading provider of application security vulnerability assessment and risk management solutions, and Executive Alliance today released the results of a study that examines that state of application security entitled "The Voice of IT Leadership on Web Security: 2007." The survey focuses on security issues and insights affecting the C-level executive, with the results reflecting responses from 476 information security professionals.

The survey uncovered that among executives there is a general lack of confidence in current solutions and methods protecting companies from being hacked, with half of respondents either partially or not at all confident that their current application security methods and solutions can protect their organization's Web site from hackers.

"This survey confirms what we've heard from our customers, that most corporations don't trust that their Web applications are secure," said John Weinschenk, CEO and president of Cenzic. "Companies are struggling to protect their Web applications and they are anxiously working to stay one step ahead of hackers whose efforts become more sophisticated with each attack. Cenzic's role is to provide the software and services that help companies automate the security process and ultimately keep their applications and data secure."

The highlights from the survey point out some disconcerting trends within the industry. Although the majority of C-level executives are aware that security initiatives are needed within their organization, the bulk of organizations surveyed do not have the resources or budget to do a more thorough job of continuously testing their applications, making them susceptible to various forms of malicious hack attacks and cybercrime.

Other key findings in the study include:

-- Data breach cited as highest priority application security risk in 2007. Identity theft, data breaches, unauthorized access and downed Web sites are the key security risks that security professionals sited as their highest priority to stop.

-- More than half of the respondents fear losing their job if there was a security breach.

-- Low confidence that senior management or board of directors understand the costs and liabilities in case of a Web site hacking. Less than 19 percent of respondents are confident that their senior management and board of directors truly understand the costs, losses and other implications associated with a Web application security breach.

-- Almost 60 percent of respondents dedicate less than 10 hours per week to securing their Web applications. Less than 20 percent of organizations have an employee dedicated to the task of securing their applications.

-- Only approximately 10 percent of respondents classify their testing of Web applications in pre-deployment as "excellent."

-- Forty-four percent of respondents cite customers' confidential information loss as posing the biggest financial problem for an organization.

-- More than half of respondents say Web application security awareness training is a priority. However, 43 percent of respondents agree that there is not adequate funding for training within their organizations.

The intent of the survey was to examine the issues facing security professionals and their organizations, to evaluate perceived preparedness, to understand approaches and concerns and to assess the current and future state of the evolving threat environment. For a copy of the complete survey, please visit http://www.cenzic.com/sur

About Executive Alliance, Inc.

Executive Alliance is the premier organization for creating leadership-recognition forums that honor and recognize outstanding achievements of executives in different industries. These forums facilitate the building of deep relationships within a network of peers, provide visibility for executives and their companies, and offer access and insight into the people leading these industries. Through an extensive platform of collaborative events, which include Industry Award Events, Summits, Executive Roundtables, Executive Forums, Private Receptions, and Customized Programs, Executive Alliance creates interactive forums for bringing together top executives and innovators in their field.

About Cenzic

Cenzic is the innovative leader of next-generation application security assessment and risk management solutions that quickly and accurately find more "real" application vulnerabilities in both legacy Web 1.0 and Web 2.0 applications. The Cenzic suite of application security solutions fit any companies' needs from remote, Software as Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risks across an enterprise. Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry empowering organizations to stay on top of unrelenting application security threats.