According to this article on eWeek.com, the majority of data centers do not have adequate defenses in place in the event of a cyber-attack. A study by AFCOM, the world's largest data center industry association, found that:
“Sixty-one percent of survey respondents said they see cyber-terrorism as a threat they need to deal with, but only a little over one-third of data center managers actually have included it in their disaster recovery plans, AFCOM said. Only 25 percent have addressed cyber-terrorism in their policies and procedures manuals, and only 60 percent have a written policies and procedures manual, AFCOM said. Only about 20 percent provide any cyber-terrorism employee training. On the other hand, 82 percent report that they perform background security checks on all potential new employees—another solid defense against cyber-terrorists, AFCOM said.”
There is an obvious gap between the perceived need for a deterrent for cyber-terrorism and what actually is actually done to prevent attacks.
Laziness? Lack of time? Lack of money? Don’t really believe it is necessary?
How do you explain this gap?
Channel Insider’s slideshow, Top Reasons SMB Security Still Sags, seems to provide some answers to this conundrum.