TAG 2017 Security Survey Results
Tuesday, June 13, 2017
74 foundations responded to the 2017 security survey, down from 80 who responded in 2016. This is a disappointing response rate, given the importance of security today. We’re not completely sure why the response rate is so low, but based on some feedback we received, we’re speculating that foundations are worried about how their foundation’s security practices will compare to their peers and they don’t want others in their foundation to see the foundation’s security shortcomings relative to their peers. I would argue the opposite—this is a great educational resource for participants, who should use the results to tighten up their foundation’s security policies, practices and technologies.
The biggest take-away mirrors what we hear in the news today—there is an increasing security risk for foundations. More than half of the respondents reported an increase in potential security threats in the last year and 20% reported having a security breach within the last two years. To counter security threats, almost everyone (90%) reported providing security awareness training to employees.
Almost half of the respondents do penetration testing and about a third reported having annual security audits, an incident response plan, cybersecurity insurance and a security monitoring service. A few even pay an incident management retainer.
The survey looked at what specific security measures foundations have in place for several different categories of technology, including end user devices, mobile, wireless, network and remote access. The survey also asked about specific products being used for different types of security such as firewalls, data/email encryption, virus protection and intrusion detection. Overall, the majority of foundations are taking security seriously and have implemented many security measures in each of these areas. The detailed information from these questions is only available to survey participants.
Return to Home Page