Ipsos-Reid: Security low priority to Canadian CEOs

The potential threat of external or internal network attacks is only a “moderate priority” on the minds of Canadian mid-market CEOs, according to a recent Ipsos-Reid survey.

Protecting their corporate data and computer networks from an external or internal attack is a secondary consideration for the CEOs of most mid-sized Canadian companies, even though fewer than one in three feel their security measures are adequate, the report found.

Given the attention network security has been getting, the findings are a bit eye-opening, noted Chris Ferneyhough, vice-president, technology research, for Ipsos-Reid in Toronto.

The survey reveals that CEOs of many mid-sized companies aren’t particularly conscious of company security, and aren’t investing in the necessary infrastructure that will protect their critical corporate assets, Ferneyhough noted.

Eighty per cent of the executives said their networks have not been hit by an outside hacker in the past year, but 40 per cent said their organizations do not possess the intrusion detection systems necessary to determine if their networks have been attacked.

During the interview process, the study found CEOs seemed to become more aware of potential security threats. Initially, 48 per cent said their systems were “extremely secure” or “very secure,” but after answering questions about viruses, hackers and internal threats, only 30 per cent said their company’s security measures were very effective.

While most CEOs didn’t think it was a top business priority, three quarters agreed that securing IT systems was a top IT priority, but 42 per cent said spending on IT was either frozen or lower than last year.

The Ipsos-Reid report interviewed 250 CEOs of companies in Canada with 100 to 500 employees, from July through September 2002.