Despite the growing number of data breaches reported by U.S. businesses, corporate database security is still not up to scratch.
Sixty-seven percent of the 179 companies surveyed by Enterprise Strategy Group said they had suffered one or more confidential data breaches within the past 12 months.
Yet many appear satisfied with their security precautions, ESG found.
"We were shocked that more than 60 percent of respondents suffered a data breach in the past year," Tom Bain, director of communications and marketing at database security solutions vendor Application Security, which sponsored the survey, told InternetNews.com.
Half the respondents said internal breaches were directly responsible for the loss of confidential data, while 19 percent blamed external attacks and 11 percent blamed a combination of the two. Another 14 percent said data loss came as a result of losing a device containing confidential data.
Despite the grim numbers, the survey found that 81 percent of the respondents said their senior management is satisfied with their company's current database security controls, while 79 percent said their auditors were satisfied with these controls.
On the other hand, 38 percent also admitted that their organization had failed a security or compliance audit within the past two to three years.
Of those whose companies had failed an audit, the largest number, 48 percent, failed general internal security and IT audits. Payment-card industry audit failures -- concerning data protection around credit cards, debit cards and other forms of payment -- came next at 42 percent.
Still, the problem may at least get better attention in the future. The survey found that 76 percent of the respondents ranked improving database security as a high or the top priority, although 20 percent said it was one of many competing security priorities.
But there may also be reason for concern: The current economic recession poses a high threat to database security, Bain said.
"If a database administrator is laid off because of downsizing, he could easily go in while he has access and pull down database instances," he said. "You have to proactively monitor your databases to make sure this doesn't happen."