Good News: Attacks Are Down; Bad News: Attacks Are Worse

Fewer but fiercer attacks -- that's the word from a new study of business IT security trends over the past year. Today's breaches are reportedly twice as severe as those of just a couple of years ago.Of the more than 1,000 companies surveyed by the Computing Technology Industry Association (CompTIA), a full two-thirds reported no security breaches last year, up from the 61.8 percent who were incident-free a year ago, and way up from the barely 40 precent who deflected incidents two years back.

But for those who did get hit, the hit was worse. Responding to CompTIA's 0-10 severity scale (10 being the worst)the respondents rated last year's successful attacks as having a severity level of 4.8, more than twice the previous year's 2.3.

The severity increase CompTIA measured matches increased concern reported in a McAfee study a few released a few weeks ago in which a third of companies felt that a major data breach could put them out of business.

That same study posted business breach figures almost exactly opposite CompTIA's, with a full 60 percent of McAfee's 1,400 or so respondents reporting at least one incident in the last year. Only 6 percent claimed no security incidents in the past 24 months.

Two studies, two different results findings. Nothing unusual in that -- different methodologies, different questions and phrasings of questions, different respondent pools all contribute to the variances.

What's interesting and pertinent for us is the similarities between the studies -- increasingly severe attacks that pose increasingly severe consequences for compromised companies.

One thing to watch for -- and not just statistically -- in the coming year is whether the decline in successful attacks is matched by an increase in business complacency, an all-too-easy (and far too dangerous) step to take in an age of declining attack success numbers...

And a step that would quickly reverse the positive trend while reinforcing the negative.