Over and over again we are pummeled with statistics on how risk is growing in disproportion to security readiness.

-91% of companies have experienced at least one IT security event from an external source.

-90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders.

-40% reported rogue cloud issues (shadow IT) experienced the exposure of confidential information as a result

-34% share passwords with their co-workers for applications like FedEx, Twitter, Staples, LinkedIn.

These are real stats from studies by like Gartner, Forrester, Ponemon, Kaspersky, Eschelon and others. But there’s one stat that really curls my hair (what little of it is left):

• Due to complexity, over 70% of organizations still not adequately securing critical systems.

Wow. It’s a staggering number. But it got me to thinking why. What is causing this universal security paralysis? Now I’m not proclaiming securipocolypse …