Conclusion 05: Response to Sept. 11
Activity since Sept. 11 seems to have focused mostly on improving employee training and enforcing existing security procedures rather than on creating new ones. But when it comes to cyberterrorismthe threat of malicious attacks against IT resourcesCIOs can be seen, at best, as moderately concerned.
CIOs have clearly been active since Sept. 11. When asked what changes they've made in security procedures since that date, 62% of all respondents said they are more stringently enforcing existing procedures. Half have focused on better employee training, and 35% have either begun or implemented a new security plan. But only 14% are screening IT personnel more thoroughly, and 3% created the role of chief security officer.
Cyberterrorism is a concern for IT executives, but not a very high oneit rated a mean of 6.2 on a scale of 1 to 10. That may be due to the fact that Sept. 11 was much more about physical rather than digital terrorism.
Only 4% of the companies that have performed a formal security risk assessment claim that Sept. 11 spurred the most recent assessment.