A recent Ponemon Institute survey (sponsored by security firm Ounce Labs) of 213 C-level executives have found a huge disparity between CEOs and other executives on IT security issues.
With 82 per cent of responding organizations indicating they havesuffered a data breach and more than half reporting attacks on a dailyor hourly basis, 48 per cent of CEOs shockingly responded that theircompanies are rarely attacked.
CEOs and other executives also disagree on who’s actuallyresponsible when a breach occurs. About 53 per cent of CEOs think theCIO is responsible, while only 24 per cent of other C-level executivesshare that viewpoint.
I tend to side against the CEOs in both of these findings. First off, log onto Google News and type the word “data breach.” Here, I’ll save you the trouble.
Almost any day you do that, you’ll find a new major data breach toread about. And I’d bet that most of the companies will have a CEO thatthinks “it could never happen to them.”
Secondly, putting the blame solely on the CIO is just foolish. Datasecurity only works when the whole company is on-board and working tokeep things secure. It’s as much a cultural initiative as it is atechnical one. That means the CEO might ultimately be the mostresponsible, whether they like it or not.
The last few years have really been a boom period for hackers andlarge-scale enterprise data breaches. The only way to turn this corneris not through better solutions, but rather for C-level executives toactually get on the same page.
If you’re interested in the full Ponemon Institute/Ounce Labs report, you can check it out here.