Interesting Stats

In conversations that I've been having over the past couple of years some stats seem to come back up over and over again.  I thought i would share them as thought fodder.  In a typical enterprise environment:

  • Over 50% of the systems will be infected with spyware
  • About 10% of the systems will be infected with trojans and/or bots
  • Abt. 10% of systems on the network are personal
  • Abt. 50-70% of all Internet destined traffic is for personal use
  • Abt. 10-20% of network bandwidth from Internet traffic is advertisements
  • Less than 5% of user activity is malicious
  • Less than 1% of user activity is highly malicious (theft of core IP, child pornography, electronic stalking)
  • Over 90% of employees will state they are security concious and compliant
  • Less than 40% will know where the Information Security policy is located
  • Over 80% of employees will state they will engage their manager in the event of a security question
  • Less than 50% of employees will know how to engage the Information Security department