July 16, 2009 8:56 AM PDT

CEOs, other execs disagree on security

by Lance Whitney

CEOs and their senior executives don't see eye to eye on key security issues, according to a new survey.

Many CEOs don't consider their own companies vulnerable to security attacks and are confident in their ability to combat those attacks, says a survey released Wednesday. However, those findings contrast with the opinions of senior executives who report to the CEO. They see their companies as more vulnerable and are not confident they can stop data theft. The survey was sponsored by security company Ounce Labs and conducted by security researcher Ponemon Institute.

The survey sought to determine how aware CEOs and other senior executives are of their own data protection efforts--how effective they are, how they justify the cost of security, and whether they support the goals of the organization.

The survey found that 82 percent of senior executives said their organization has experienced a data breach, with 94 percent saying they've been hit in the last six months. About 53 percent say they're attacked on a daily or even hourly basis.

Only 58 percent of the senior execs are confident in their company's ability to identify and respond to breaches that result in the theft of information. And just 32 percent think their company is rarely attacked.

Among CEOs, 93 percent are confident in their organization's ability to identify and thwart security breaches. And 48 percent said they believe their organizations are rarely attacked.

(Credit: Ounce Labs)

The responsibility for securing a company's data was also a question mark. Among CEOs, 53 percent felt the chief information officer is accountable for data protection, while only 25 percent of other senior executives felt the same way. And whoever is responsible, that person's job is seen as safe. Around 85 percent of executives questioned believe a failure to stop a security attack under their watch would not jeopardize their job.

(Credit: Ounce Labs)

To gather the data, Ponemon Institute questioned 30 CEOs and 183 other top-level executives who report to CEOs, including chief operating officers, division presidents, and chief information officers, over a six-month period ending in June.

Lance Whitney wears a few different technology hats--journalist, Web developer, and software trainer. He's a contributing editor for Microsoft TechNet Magazine and writes for other computer publications and Web sites. You can follow Lance on Twitter at @lancewhit. Lance is a member of the CNET Blog Network, and he is not an employee of CNET.
by RyanShab July 16, 2009 9:24 AM PDT
A few things.
First off, the title of the first chart is horrible. Pick a tense and stick with it please. "how often DOES your organization's data BEEN attacked".

Outside of that, my first question here is do all companies represented have all those positions? Many times the CIO acts as the CISO, so anyone who answered CIO could have answered CISO had they had that position.

Also, this article makes it sound like the CEO and other execs don't agree with each other about whose responsibility it is to secure data. Different companies designate that duty to different positions. So as long as the CEO and other execs of each company said the same thing, what does it matter? They're on the same page, that's the important part. Also, I would hope that the CEO to exec ratio is the same per company.

Bah, so many statistical failures in this I could write an article longer than the original here just listing them. But I'll stop with those. Let's try to take a statistics course or two before we give out survey data presented in such a horrible manner. I can only hope that Ounce Labs did more to make the survey statistically relevant.
by shootfirst July 16, 2009 9:26 AM PDT
Fascinating, and who exactly did they do the survey on and why did they do this survey in the first place? Your job may be safe after one theft, but it depends on the size of the theft and then there is the question of how many times more it will happen. I am surprised there is a CEO in the world that would say that their company would suffer a data breach, as that is not something you would say ever about your company.
by inachu1 July 16, 2009 10:19 AM PDT
At work my PC was attacked and the first symptom was that my Windows firewall was disabled remotely.

I instantly went to reimage it.
by windooor7 July 16, 2009 11:57 AM PDT
IT it's simple, home brew OS. I don't see why a company that sells hotdog and hamburger and Pepsi use the same software as a company that ships rockets to Mars. That's why I was thinking what if US gov. use its own OS and all its instances like IRS, Social Security etc. and make it illegal to own this OS. Then it would be easy to tell what abstraction was hit. By the way have the most hated OS going for the most secure intensive instances. Folks only buy Apple PC not because of the software but because of hardware. Have Windows run natively on Apple and the Mac OS X goes Titanic with its hardware flying off shelves.
by Michichael July 16, 2009 4:53 PM PDT
... Is this even English? The stupid... it burns...
by santuccie July 20, 2009 10:26 AM PDT
@windooor7:

I must confess I feel a little dumber after having read this. That said, Apple and Windows both use the same hardware, save for Apple's attractive chassis (personally, I think the best-looking notebook is a Vaio). And Macs are less upgradeable than PCs, which is why Apple was leapfrogged by MS all those years ago. Alienware will outrun the fastest Mac.
by pbookman July 16, 2009 12:02 PM PDT
CEO Delusion Syndrome (CDS) is not a new discovery.
by johnfranks1234 July 17, 2009 7:39 AM PDT
David Scott, author of I.T. WARS, believes these data breaches and thefts are largely due to a lagging business culture. Google "I.T. WARS" and you can read a good bit of it on Google Books - it's also in many libraries. Read some fresh and original thinking here - http://www.businessforum.com/DScott_02.html - I urge every business person and IT person, management (IT Governance) or staff, to get hold of a copy of "I.T. Wars: Managing the Business-Technology Weave in the New Millennium." It has an excellent chapter on security, and how to scale security for any organization, any budget. It also has a plan template with all considerations. Our CEO has read this book. Our project managers are on their second reading. Our vendors are required to read it (they can borrow our copies if they don't want to purchase it). Any agencies that wish to partner with us: We ask that they read it. Do yourself a favor and read this book - then ask your boss to read it - then ask your staff and co-workers to read it.
by CPUtooHot July 17, 2009 7:58 AM PDT
CEOs are probably too out-of-touch from the very employees who are responsible for the greatest number of security breaches. Their executives are closer to the problem and more aware of just how serious the issue of rogue employees has become. The recent LexisNexis breach by an employee who was involved in the Mafia is just another log on the fire that warms the hearts of organized criminals around the world.
by chrissd July 17, 2009 10:20 PM PDT
Only 30 CEOs were questioned. That does not accurately describe the business world. It may be true, I've heard quite a few stories from former/computer admins who think their senior execs are complete idiots, and can back it up. But you can't take the results of a survey from 30 people and call it business wide.