Security was an important concern for CIOs before Sept. 11, but it has become an even higher priority following the attacks. Companies have invested both financial and human resources to bolster security, and have made some improvements to their security practices. However, CIOs do not show the same high degree of concern for cyberterrorism. Given the nation's and the economy's dependence on computer networks, and the fact that less than half of our respondents' companies formally assess their security vulnerabilities, CIOs should consider devoting more attention to the threat of a cyberattack and review their security processes. And while line managers are more willing to support steps to improve security, the middling marks they receive for security awareness indicate further education is in order.