Fifty-eight Percent of Higher Education IT Directors Report at Least One Security Incident in the Last Year According to the CDW-G Higher Education IT Security Report Card 2006
Nine Percent Report Loss or Theft of Student Personal Information; More than Three Million Students Nationwide Could be Affected
VERNON HILLS, Ill. - October 10, 2006 - CDW Government, Inc. (CDW-G), a wholly owned subsidiary of CDW Corporation [NASDAQ: CDWC] and leading source of Information Technology (IT) solutions to governments and educators, announced today, in conjunction with Eduventures, the results of the CDW-G Higher Education IT Security Report Card 2006 - a survey of 182 higher education directors and managers across the United States. The study reveals that 58 percent of surveyed higher education directors/ managers experienced at least one IT security incident in the last year. Nine percent reported a loss/theft of personal student information. With an average of 4,097 students per institution in the U.S, more than three million students could be impacted by loss/theft of their personal information.*
"Without question, IT security is an issue that everyone in higher education needs to take seriously as institutions continue to experience security breaches at a high rate, putting valuable data resources and personal identity information at risk," said Stan Gatewood, chief information security officer for the University of Georgia. "The CDW-G Higher Education IT Security Report Card takes an important look at the very real challenges higher education IT directors and managers face - and what it will take to overcome them - as they strive to improve IT security at our nation's colleges and universities."
Given the number of incidents at American colleges and universities, IT security continues to be a big concern on higher education campuses. An overwhelming majority of respondents (84 percent) rated IT security within their top five priorities. However, their administrations do not necessarily regard it with the same sense of urgency. Fewer than half the respondents report that their administrations make IT security a top-five priority. IT directors/managers cite "lack of funding" and "too few staff resources" as the biggest barriers to improving IT security on campus. As a result, only 11 percent of respondents state that their networks are "very safe" from attack. Respondents are most concerned about the amount of sensitive data residing on unprotected computers, rating these assets as their greatest security risk.
"Our higher education institutions have always placed a high value on protecting the safety of their students, faculty and facilities. Today, that extends into protecting an ever-expanding volume of personal and institutional data, as well as a growing number of networked devices, from increasingly sophisticated security threats," said Julie Smith, director of higher education for CDW-G. "Our second annual survey found that while higher education IT directors recognize IT security as a major priority, they are stretched thin for the vital resources they need to prevent a devastating loss of critical data."
IT directors/managers rate the support for IT security that they receive from their executive administration, faculty and students:
"Lack of awareness among students and faculty is a major challenge as higher education institutions try to improve IT security on campus," said Catherine Burdt, senior analyst for Eduventures. "Part of the perceived lack of support on campus can be attributed to the fact that computer users are not aware of IT security policies. Institutions should consider boosting funding for security training and awareness programs."
- Administration earns a "B": Ninety-three percent of respondents state that the executive administrations at their schools are supportive to extremely supportive of IT security initiatives. However, respondents cite "financial commitment" and lack of "funding for training programs" as barriers with this group
- Faculty earns a "C": Twenty-eight percent of respondents state that faculty are not supportive of IT security initiatives. "Lack of awareness" and the "expectation that exceptions will be made for individuals" are the biggest challenges
- Students earn a "C": Thirty-one percent of respondents report that students are not supportive of IT security initiatives. Respondents cite "lack of awareness" and a "disregard of rules/policies" as the major roadblocks with students
Financial Support for IT Security
Though IT directors/managers state that IT security is a major priority and that their administrations are supportive, 97 percent report that one quarter or less of their IT budgets go toward IT security.
The vast majority of respondents (81 percent) feel that the budget allocated to IT security is less than what is needed. In addition, 68 percent report no growth in their IT security budgets this year compared to the previous year.
CDW-G recognizes that the solutions to the challenges raised in its survey are complex and require in-depth analysis. However, CDW-G recommends that higher education institutions initiate a dialogue between the appropriate departments on campus to consider the following recommendations:
- Present formal business cases to administrations when seeking budgetary increases for security enhancements
- Examine the total financial impact of a major security breach - costs associated with technology, downtime, staff time spent on recovery, communications, legal action, etc. - to make the business case for additional funding
- Improve authorized access policies to reduce outside threats to networks
- Manage and monitor the increasing number of devices hooking up to the network - potentially investing in technologies like network access control
- Boost funding for security training and awareness programs, and make them mandatory for all network users
The CDW-G Higher Education IT Security Report Card findings are based on an online survey of 182 higher education directors and managers from a variety of higher education settings - from large research institutions to small community colleges. The study has a +/- 5.5 percent margin of error at a 90 percent confidence level.
Visit www.cdwg.com/higheredsecurity for more information about the survey results and a complete analysis.
A wholly owned subsidiary of CDW Corporation (NASDAQ: CDWC), a FORTUNE 500 company, CDW Government (CDW-G) is a trusted technology advisor to federal, state and local government agencies, as well as to educational institutions at all levels. CDW-G offers best-in-class technology products and services from top-name brands such as Acer, Adobe, Cisco, HP, IBM, Lenovo, Microsoft, Panasonic, Samsung, Sony, Symantec, and Toshiba. For more information about CDW-G product offerings, procurement options, service and solutions, call 1.800.863.4239, or visit the
CDW-G Web site at CDWG.com.
Eduventures is a research and consulting firm dedicated to helping organizations succeed in the rapidly changing education market. The firm serves institutions across the education landscape, from K-12 through higher education, and works with a client base of executives and senior managers at hundreds of leading educational organizations and the businesses that serve the education markets. For more information, visit www.eduventures.com.
* 1105 Media, Inc. estimates that there are approximately 10,000 higher education IT directors/managers in the U.S. Assuming that each survey respondent represents a unique institution, the total number of institutions impacted by a loss/theft of student data nationwide is approximately 900. Federal government data indicates that there is an average of 4,097 students at each higher education institution, as there are 17,272,000 enrolled postsecondary students and 4,216 postsecondary institutions in the U.S. (Source: U.S. Department of Education, National Center for Education Statistics).