Chief financial officers continue to rank information security as their top priority as compliance auditors and the fear of public humiliation over data leaks drive new levels of IT security scrutiny, according to a new survey.
The study, conducted by IT services giant Computer Sciences in collaboration with FERF (Financial Executives Research Foundation), FEI (Financial Executives International) and the CFIT (Committee on Finance & Information Technology), also concludes that despite the fretting over potential fines or data losses, many enterprises do not have adequate plans in place to protect their information.
According to the survey, which is in its eighth year and based on responses garnered from roughly 700 financial executives, only 20 percent of those interviewed by CSC said they feel "highly satisfied" with their security policies and infrastructure.
Roughly 10 percent of the executives said their company has already experienced a major business interruption as a result of cyber-attacks.
"Information security persists as an area of significant concern for financial officers due to the growing number of audits evaluating security measures, the frequency of security breaches and broad press coverage of those breaches," Jerry Boltin, practice leader of CSC's Business Intelligence Consulting Group, wrote in the report.
"This is not a surprise when one considers the potential for negative market consequences if confidential information is compromised."
Surprisingly, even though survey respondents expressed widespread concern over security, a majority (60 percent) said that their companies, and this includes large enterprises, do not have a strategic IT security plan in place.
CSC said that among organizations with more than $5 billion in revenue, only 63 percent of those interviewed reported having a formal plan.
Experts said that the results are puzzling given the widespread spending on security technologies that has been tracked over the last several years.
"As we've said in previous survey reports, this is paradoxical given the size of the IT investments and the potential consequences of these decisions," Taylor Hawes, chairman of CFIT, said in the report.
But Hawes added that the inconsistent results may help explain the variability in return on IT investment and project success rates.