CEOs underestimate security risks, survey finds
Lower-level execs more likely to fear the worst from attacks on corporate data
Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
The Ponemon survey of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues. For instance, 48% of CEOs surveyed said they believe hackers rarely try to access corporate data. On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis.
The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and were more confident that data breaches can be easily avoided.
Ponemon found that CEOs tend to view data protection efforts as vital to maintaining good customer satisfaction levels and to the company's brand image. The other managers, however, were more likely to say that the most important role for data security efforts is to satisfy regulatory requirements.
The survey also found that CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data.
While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was. More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way.
And 85% of respondents said someone else would be held responsible for a data breach. "On the issue of accountability, we found that while people acknowledged that data breaches were a problem, very few people felt that if [their company] suffered a breach, they would be held responsible," said Larry Ponemon, founder of the Ponemon Institute.
Some of the differences in perception between CEOs and other top executives can probably be traced to the metrics they use to define information security goals and to measure success, Ponemon added.
While most CEOs look for their companies to create cost-effective, and even profitable, information security policies, other top executives said the policies should focus strictly on threat mitigation and compliance-related matters, he said. "CEOs want bigger-picture metrics, but what they are getting is the compliance story," Ponemon said.
The study showed that there is a broad need for new metrics to measure the impact of information security investments on asset performance and reputation management, he said. But what top managers are getting are more conventional success metrics, he added.
The Ponemon survey was sponsored by security vendor Ounce Labs Inc.