For CIOs and senior technology strategists, IT security is a study in contrasts. On the one hand, it's a topic CIOs repeatedly cite as one of their most important issues, if not the most important. Yet a June CIO Insight study of 556 CIOs and senior IT executives suggests that their non-IT colleagues simply do not share their sense of urgency. Perhaps that's because, according to the survey, relatively few security breaches have hit their organizationsand most of those are of the "nuisance" variety, which doesn't cost a lot of hard dollars. Unfortunately, security is like insurance: You never know when you'll need it. By Mike Perkowski
Overall, respondents rated security an average of 8 on a 10-point scale of importance as both an IT and a business issue for their organizations; this held true for companies of all sizes, highlighting how much publicity security breaches and viruses have generated in recent years. But they were less positive about the security readiness of their organizations, and far less sanguine about the security awareness of their organizations' senior business executives.
The survey results also paint a portrait of the most security-conscious IT executives and their companies. This picture not only suggests that there are gaps in how even the most sophisticated CIOs view security practices, but also points the way to developing a more secure enterprise.