Symantec Corp has released the findings of its 2011 Critical Infrastructure Protection (CIP) Survey, which found a drop in awareness and engagement on a global basis as measured by the CIP Participation Index.

The security-firm’s Critical Infrastructure Protection Survey is the result of research conducted in August and September 2011 by Applied Research, which surveyed C-level, IT professionals in SMBs and enterprises in 14 industries specifically designated as critical infrastructure industries. The survey included 3,475 organizations from 37 countries in North America, EMEA (Europe, Middle East and Africa), Asia Pacific, and Latin America. Of these, 625 were in Canada.

Critical infrastructure providers come from industries that are of such importance that if their cyber networks were successfully attacked and disabled, it would result in an actual threat to national security.

In Canada 30% of respondents said they were engaged with protection programs this year. This is below the 37% of respondents worldwide who said their companies were engaged in CIP programs in 2011, which itself is well below the 56% engaged in CIP in 2010. Overall, preparedness was down 8% across the world to about 62% in 2011, down from about 70% in 2010.

“The findings of this survey are somewhat alarming, given recent attacks like Nitro and Duqu that have targeted critical infrastructure providers,” said Dean Turner, director, Global Intelligence Network for Symantec.  “Having said that, limitations on manpower and resources as mentioned by respondents help explain why critical infrastructure providers have had to prioritize and focus their efforts on more day-to-day cyber threats. However, we think that targeted attacks against critical infrastructure providers in the form of Stuxnet, Nitro and Duqu will continue. Businesses and governments around the world should be very aggressive in their efforts to promote and coordinate protection of critical industry cyber networks. These latest attacks are likely just the beginning of more targeted attacks directed at critical infrastructure.”

Survey Highlights:

Lower awareness and engagement in government CIP programs.  This year, companies are generally less aware of their government’s CIP programs.  Thirty-six percent of respondents were somewhat or completely aware of the government critical infrastructure plans being discussed in their country compared to 55% last year.  In 2011, 37% of companies are completely or significantly engaged, versus 56% in 2010.

Slightly more ambivalence about government CIP programs.  The survey also revealed that companies are more ambivalent in 2011 than they were in 2010 about government CIP programs.  For example, when asked to voice their opinion about government CIP programs, 42% had no opinion or were neutral.  Also, companies are now slightly less willing to cooperate with CIP programs than they were one year ago (57% versus 66%).

Global organizations feel less prepared.  It is not surprising that as an organization’s assessment of the threat drops, their readiness drops as well. Overall readiness on a global scale fell an average of eight points (from 60% to 63% in 2011 compared with 68% to 70% in 2010).