CEOs, other execs disagree on security

CEOs and their senior executives don't see eye to eye on key security issues, according to a new survey.

Many CEOs don't consider their own companies vulnerable to security attacks and are confident in their ability to combat those attacks, says a survey released Wednesday. However, those findings contrast with the opinions of senior executives who report to the CEO. They see their companies as more vulnerable and are not confident they can stop data theft. The survey was sponsored by security company Ounce Labs and conducted by security researcher Ponemon Institute.

The survey sought to determine how aware CEOs and other senior executives are of their own data projection efforts--how effective they are, how they justify the cost of security, and whether they support the goals of the organization.

The survey found that 82 percent of senior executives said their organization has experienced a data breach, with 94 percent saying they've been hit in the last six months. About 53 percent say they're attacked on a daily or even hourly basis.

Only 58 percent of the senior execs are confident in their company's ability to identify and respond to breaches that result in the theft of information. And just 32 percent think their company is rarely attacked.

Among CEOs, 93 percent are confident in their organization's ability to identify and thwart security breaches. And 48 percent said they believe their organizations are rarely attacked.

(Credit: Ounce Labs)

The responsibility for securing a company's data was also a question mark. Among CEOs, 53 percent felt the chief information officer is accountable for data protection, while only 25 percent of other senior executives felt the same way. And whoever is responsible, that person's job is seen as safe. Around 85 percent of executives questioned believe a failure to stop a security attack under their watch would not jeopardize their job.

(Credit: Ounce Labs)

To gather the data, Ponemon Institute questioned 30 CEOs and 183 other top-level executives who report to CEOs, including chief operating officers, division presidents, and chief information officers, over a six-month period ending in June.

[RyanShab]

A few things.
First off, the title of the first chart is horrible. pick a tense and stick with it please. "how often DOES your organization's data BEEN attacked".

outside of that. My first question here is do all companies represented have all those positions? many times the CIO acts as the CISO so anyone who answered CIO could have answered CISO had they had that position.

also, this article makes it sound like the CEO and other execs dont agree with eachother about who's responsibility it is to secure data. different companies designate that duty to different positions. so as long as the CEO and other execs of each company said the same thing, what does it matter? theyre on the same page, thats the important part. also, i would hope that the CEO to exec ratio is the same per company.

bah, so many statistical failures in this i could write an article longer than the original here just listing them. but, i'll stop with those. lets try to take a statistics course or two before we give out survey data presented in such a horrible manner. I can only hope that Ounce Labs did more to make the survey statistically relevant.

[shootfirst]

Fascinating and who exactly did they do the survey on and why did they do this survey in the first place. Your job may be safe after one theft, but it depends on the size of the theft and then there is the question of how many times more it will happen. I am surprised there is a CEO in the world that would say that their company would suffer a data breach as that is not something you would say ever about your company.

[inachu1]

At work my pc was attacked and the first symptom was that my windows firewall was disabled remotely.

I instantly went to reimage it.

[windooor7]

IT its simple , home brew os i dont see why a company that sells hotdog and humberger and pepsi use the same software as a company that ships rokets to Mars. That why i wAs thinking what if us gov. use it own os and all its INSTANCES like,irs, social security etc. and make it illegal to own this os.Then it would be easy to tell what abstraction was hit. by the way have the most Hated os going foR the most secure intensive instANCES. Folks only buy Apple pc not beacuse of the software but because of hardware. Have windows run natively on apple and the macosx goes titanic with its hardware flying off selves.

[Michichael]

... Is this even English? The stupid... it burns...

[santuccie]

@windooor7:

I must confess I feel a little dumber after having read this. That said, Apple and Windows both use the same hardware, save for Apple's attractive chassis (personally, I think the best-looking notebook is a Vaio). And Macs are less upgradeable than PCs, which is why Apple was leapfrogged by MS all those years ago. Alienware will outrun the fastest Mac.

[pbookman]

CEO Delusion Syndrome (CDS) is not a new discovery.

[johnfranks1234]

David Scott, author of I.T. WARS, believes these data breaches and thefts are largely due to a lagging business culture. Google ?I.T. WARS? and you can read a good bit of it on Google Books ? it?s also in many libraries. Read some fresh and original thinking here - http://www.businessforum.com/DScott_02.html - I urge every business person and IT person, management (IT Governance) or staff, to get hold of a copy of ?I.T. Wars: Managing the Business-Technology Weave in the New Millennium.? It has an excellent chapter on security, and how to scale security for any organization, any budget. It also has a plan template with all considerations. Our CEO has read this book. Our project managers are on their second reading. Our vendors are required to read it (they can borrow our copies if they don?t want to purchase it). Any agencies that wish to partner with us: We ask that they read it. Do yourself a favor and read this book - then ask your boss to read it - then ask your staff and co-workers to read it.

[CPUtooHot]

CEOs are probably too out-of-touch from the very employees who are responsible for the greatest number of security breaches. Their executives are closer to the problem and more aware of just how serious the issue of rogue employees has become. The recent LexisNexus breach by an employee who was involved in the Mafia, is just another log on the fire that warms the hearts of organized criminals around the world.

[chrissd]

Only 30 CEO's were questioned. That does not accurately describe the business world. It may be true, I've heard quite a few stories from former/computer admins who think their senior exec's are complete idiots, and can back it up. But you can't take the results of a survey from 30 people and call it business wide.