Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
The Ponemon survey ( download PDF) of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap concerning information security issues between CEOs and other senior managers. For instance, 48% of CEOs surveyed said they believe hackers rarely try to access corporate data. On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis.
[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives, and are more confident that data breaches can be easily avoided.
The survey found that CEOs tend to view data protection efforts as vital to maintaining good customer satisfaction levels and to the company's brand image. The other managers, however, were more likely to say that the most important role for data security efforts is to satisfy regulatory requirements.
The survey also found that CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data.
While eight out of 10 respondents believed there was one person responsible for data protection in their organizations, but there was a sharp difference of opinion on just who that person was. More than half of the CEO's said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way.
And 85% of respondents said someone else would be held responsible for a data breach. "On the issue of accountability we found that while people acknowledged that data breaches were a problem, very few people felt that if [their company] suffered a breach, they would be held responsible," said Larry Ponemon, founder of the Ponemon Institute.
Some of the differences in perception between the CEO and other top executives can probably be traced to the metrics they use to define information security goals and to measure success, Ponemon added.
While most CEOs look for their companies to create cost-effective, and even profitable information security policies, other top executives said the policies should focus strictly on threat mitigation and compliance related matters, he said. "CEOs want bigger picture metrics, but what they are getting is the compliance story," Ponemon said.
The study showed that there is a broad need for new metrics to measure the impact of information security investments on asset performance and reputation management, he said. But what top managers are getting are more conventional success metrics, he added.
The Ponemon survey was sponsored by security vendor Ounce Labs.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
1 Recommendation
