The growing economic power of China brings about big challenges to Chinese companies in terms of IT security. As a consequence Chinese companies plan to spend 19% of their IT budget on measures enhancing IT security. In the USA, however, companies there spend just 12 percent of their IT budget on IT security. These figures are the findings of a survey among more than 3000 IT and IT security experts in China and the USA which was conducted by the Accenture consulting firm.
Most of Chinese IT experts (58%) think that threats to their IT systems have even increased since 2006 and therefore want to spend more money on IT security in 2007 (55%). Among those questioned in the US just 16% think that threats have increased since 2006. Nevertheless 39% of IT decision makers will invest more in IT security there in 2007.
Most attacks against the IT systems of Chinese companies are directed against known security gaps in operating systems (66%) and applications (41%). Thus, weaknesses in terms of access control and security gaps of data base systems of companies were abused for attacks in 38% and 30% of cases respectivly. The biggest threats are posed by computer viruses and worms. 70% of Chinese companies were attacked by computer viruses last year and the IT systems of fifty percent of Chinese companies became the victim of so-called worm attacks. In the USA, on the other hand, 49% of companies were attacked by computer viruses and 35% by worms.
In America employees are controlled more at their place of work. Thus, more than 50% of US firms monitor the email traffic of their employees (China: 34%), 40% keep an eye on the websites visited by employees (China: 25%) and 35% monitor the use of telephones (China: 22%).
While in most American companies it is the chief executive officer who takes the decisions on IT security, in Chinese firms these are most of the time taken by the head of finance. The price of IT security solutions and products is of major importance in both of these countries when it comes to making decisions in this respect (USA: 64%, China: 48%).
In the course of the study in question 1100 and 1990 IT security experts were questioned in US and Chinese companies respectively in May and June 2007. Besides Accenture the study was also conducted by InformationWeek.