Key Resources Inc. Survey Reveals Pervasive Complacency Around Mainframe Security

While 85 percent of IT pros say mainframe security is a top priority for their company, very few are taking the necessary steps to protect their most important IT systems

LAKE VILLA, Ill.--()--Key Resources Inc., the leader in mainframe vulnerability scanning solutions and consultancy, today announced the findings of its survey into mainframe security complacency among enterprises. “Don’t Let Mainframe Security Complacency Leave Your Critical Customer Data At Risk” reveals that while 85 percent of companies say mainframe security is a top priority, just 33 percent always or often make mainframe decisions based on security. The commissioned study, conducted by Forrester Consulting on behalf of KRI, surveyed 225 IT management and security decision makers at North American companies with $500 million or more in annual revenue.

“Despite widespread awareness concerning the stakes, enterprises simply aren’t devoting enough attention and resources to mainframe security,” said Ray Overby, president and co-founder of Key Resources Inc. “All it takes is one mainframe data breach to bring an organization to its knees. But, many organizations lack the tools, personnel, and in some cases, knowledge, they need to protect their mainframes and all the mission-critical data they hold.”

Complacency in the Face of Massive Business Risk
Many organizations are actively working to secure their cloud infrastructure, but are they taking the appropriate steps to ensure the security of cloud-facing mainframes? Companies know that mainframe security is important, but they’re not taking actions that reflect their priorities. Even though 95 percent of respondents say they’re concerned about the potential of customer data breaches on the mainframe, 67 percent admit that only sometimes or rarely are they factoring security into mainframe decisions. This complacency puts their most critical IT systems at significant risk.

Addressing the problem means prioritizing scanning mainframe operating systems for zero-day vulnerabilities, which are a significant attack vector in data breaches. Yet, vulnerability scanning ranked last when respondents were asked to prioritize which factors are most important when managing mainframe security.

Misconceptions About How to Secure the Mainframe
Respondents’ top mainframe priorities are data breach prevention, compliance, risk management, IT cost reduction/optimization and application availability. But despite this desire for data breach prevention, scanning for OS vulnerabilities is consistently ranked as a low priority. There’s a fundamental misunderstanding among IT managers and security professionals about what it takes to secure the mainframe. Scanning for OS vulnerabilities is one of the most effective ways to prevent a breach.

IT managers do know, however, that they need help with their mainframe security. And while they find it easy to find the right mainframe security tools (65 percent), they overwhelmingly struggle to find the right personnel. The majority of respondents are either bringing in third-party mainframe security technology (96 percent) or outside resources to review security and compliance (95 percent). And, nearly three-quarters expect to experience a reduced risk of data breaches as a result of using mainframe security tools.

Protection Against Zero-Day Attacks

  • Eighty-six percent of IT management and security decision makers say that protecting systems from zero-day attacks is their biggest mainframe security challenge.
  • Additionally, 66 percent struggle to quickly identify vulnerabilities, while 63 percent struggle to ensure the integrity of vendor software.

They expect that using automated mainframe security tools will help them reduce the risk of breaches (73 percent) and decrease vulnerabilities (63 percent). Yet, the study shows that they view tasks like application scanning, penetration testing and gathering resources to secure the environment as critical or high priorities, while scanning for OS-level vulnerabilities ranks as the lowest priority.

“Many organizations lack the awareness needed to secure their operating system, which is what hackers exploit to gain access to critical corporate data through escalation of security authorities,” said Overby. “One of the most important things they can do is set up a process to scan for zero-day vulnerabilities.”

The full “Don’t Let Mainframe Security Complacency Leave Your Critical Customer Data At Risk” report is available for download here.

About Key Resources Inc.
Key Resources Inc. is the leading expert on mainframe security vulnerabilities, empowering some of the world’s largest corporations in finance, insurance, healthcare and beyond to keep their most important IT systems secure. Since 1988, Key Resources Inc. has provided software, services and consulting to enterprises running critical apps on IBM® z/OS. We help CIOs, CISOs and programmers take control of mainframe security so they can protect their data, avoid costly breaches and maintain regulatory compliance. To learn more, visit


March Communications
Brandon Reid
+1 617-992-9262

Release Summary

Key Resources Inc. survey reveals complacency in mainframe security and lack of awareness of the necessary steps to protect these important IT systems


March Communications
Brandon Reid
+1 617-992-9262