Ed Trapasso
New York
+1 (917) 452 3555

Rusty Weston
+1 (415) 947 6254

August 29, 2005
Accenture and InformationWeek Probe Information Security in the US

Concern over Compliance, Instant Messaging and Internal Attacks is Spurring Changes

NEW YORK; Aug. 29, 2005 – Regulatory compliance, internal attacks, and the vulnerability of electronic communications – especially instant messaging and e-mail – are among the key factors reshaping data security systems, according to the U.S. results of the 8th annual Global Information Security Survey by InformationWeek Magazine and Accenture.

At the same time, the U.S. Information Security Survey uncovered indications that companies and organizations are failing to provide rigorous protection of customer and client data. The survey, which was conducted over the Web this summer, received responses from more than 2,500 U.S. information technology and security professionals.


“Companies are taking a more structured approach to information security and making it more of a priority,” said Alastair MacWillson, partner in charge of Accenture’s security practice. “Many companies are beginning to see the benefits in leveraging new technologies to proactively assess and manage threats and vulnerabilities, and are consolidating, integrating and securing applications to improve integrity and productivity.”

Regulatory Impact
There are indications that compliance requirements like Sarbanes-Oxley, HIPAA, the U.S. Home Security Act and the U.S. Patriot Act are reshaping corporate security practices. According to the survey:

Threat Perception and Attacks
Security attacks are constantly evolving, making it difficult for companies to stay one step ahead.

For example:

Security Tactics
As a result of the vulnerabilities with instant messaging and E-mail, electronic communication has become a major focus of employee monitoring with attachments and content of outbound messages carefully scrutinized. Basic-user passwords still remain the most prevalent method used by companies to protect themselves against security breaches. Informing employees of privacy or behavior standards, posting privacy policies online and using secure Web transactions are the steps taken to safeguard the privacy of customer data. In addition, the survey reveals that:

Security Costs
A majority of U.S. companies spend below $500,000 on security expenses, with half anticipating increased spending in 2005 over the previous year, and only 3 percent expecting spending to decline. Performance and return on investment count the most when purchasing security products.

“Despite the fact that information security professionals are adopting many state-of-the-art security practices, certain lapses still exist that can result in serious financial losses for corporations or a violation of customer trust,” said Rusty Weston editor, InformationWeek Research. "Security professionals lack the ability to control every point of entry, but worse, they have too much faith in technology that claims to automate network defenses.”

About the Survey
The 2005 Global Information Security Survey is an editorial research product of InformationWeek magazine and Accenture. The study was fielded entirely on the Web during the month of July and early August 2005. This is the eighth year InformationWeek Research has conducted its Global Information Security Study. This report examines the responses of the 2,540 U.S. business-technology and security professionals that participated in the 2005 study. The U.S. sample was supplied from the subscriber base of InformationWeek and the publication’s affiliates - Optimize, Wall Street & Technology, Bank Systems & Technology, Insurance Systems & Technology, Software Development, Dr. Dobbs, Network Computing, Network Magazine, TechWeb and Secure Enterprise.

About Accenture
Accenture is a global management consulting, technology services and outsourcing company. Committed to delivering innovation, Accenture collaborates with its clients to help them become high-performance businesses and governments. With deep industry and business process expertise, broad global resources and a proven track record, Accenture can mobilize the right people, skills and technologies to help clients improve their performance. With more than 115,000 people in 48 countries, the company generated net revenues of US$13.67 billion for the fiscal year ended Aug. 31, 2004. Its home page is www.accenture.com.

About InformationWeek
InformationWeek helps more than 440,000 Business Technology Professionals who buy, build and manage technology drive business innovation powered by technology. In addition to the weekly magazine, InformationWeek provides a platform of information solutions including www.InformationWeek.com, InformationWeek Research, InformationWeek Events, which includes the InformationWeek Conference for Business Technology Executives and the InformationWeek Daily, an e-mail news service. In May 2003 in conjunction with Optimize, InformationWeek launched its Media Network. The Media Network consists of Optimize and Government Enterprise, as well as its Vertical Industry Network publications – Bank Systems & Technology, Insurance & Technology and Wall Street & Technology. InformationWeek is consistently recognized for its commitment to excellence and innovation, receiving several of the industry’s top media accolades including top spots in BtoB Magazine’s annual Media Power 50, as well as awards from ASBPE and Circulation Management magazine.

About CMP Media LLC
CMP Media (www.cmp.com) is the leading integrated media solutions company providing “broad and deep” access to the entire technology spectrum — the builders, sellers and buyers of technology worldwide. The company’s comprehensive database of technology decision makers enables marketers to reach targeted audiences throughout the purchase process with publications, web offerings, face-to-face events, consulting and other marketing services that deliver actionable results.