Security Slideshow: Information Security: Views of CEOs, CISOs Diverge Sharply
By Fahmida Y. Rashid | Posted 06-21-2012
CEOs and CISOs don't always see eye-to-eye on information security. That's perfectly understandable, as the CEO is (and should be) removed from the specifics of the threats hitting the network and the details of the defenses established by the CISO. However, a recent survey released by Core Security highlights just how far apart these two C-Suite executives can be over their company's security posture.
Core Security received responses to its survey from 100 CEOs and 100 CISOs in the United States in April 2012. The numbers are eye-opening. Only 15 percent of CEOs said they were very concerned about an attack on their network. Nearly three-quarters of the CEOs surveyed didn't think their systems were under attack or already compromised. Contrast that with more than 60 percent of CISOs being very concerned about attacks and believing their systems were already breached.
"With all of the cyber threats that are reported on a weekly, monthly and annual basis, 36 percent of CEOs don't deem it necessary to get a security briefing from the member of their executive team who oversees security," wrote Mark Hatton, Core Security's CEO. If any other area of the company posed the multimillion-dollar risk that cyber-security does, management would devote significant attention to the issue, and security should be no different, Core Security said in its report.
Here are 10 ways that CEOs and CISOs differ on their views of information security.
Concerned About Breaches
The survey asked, "How concerned are you about your IT systems getting hacked?" The majority of CEO respondents were "somewhat concerned" while the majority of CISO respondents were "very concerned." Twenty percent of CEOs polled were not concerned at all. Only 4 percent of CISOs polled were that confident.