Security Slideshow: Information Security: Views of CEOs, CISOs Diverge Sharply

By Fahmida Y. Rashid  |  Posted 06-21-2012

Concerned About Breaches

The survey asked, "How concerned are you about your IT systems getting hacked?" The majority of CEO respondents were "somewhat concerned" while the majority of CISO respondents were "very concerned." Twenty percent of CEOs polled were not concerned at all. Only 4 percent of CISOs polled were that confident.

Under Attack?

Security experts warn that companies are often under attack or compromised for weeks or months (even years) before the hack is detected. Only 4 percent of CEOs polled thought that was definitely the case, compared to 15 percent of CISOs.

Highest Risk

CEO respondents felt external attacks, such as phishing and social engineering, were the greatest threats to the organization's security, while CISO respondents were more likely to blame employees.

External Threats

CEO respondents were more likely to list phishing and social engineering attacks as the greatest threats to the company's IT infrastructure than CISO respondents, who ranked them a distant second. CEOs polled were more concerned about the prospect of lost or compromised mobile phones and other portable devices than were CISOs.

Internal Threats

The workforce was the primary concern for CISO respondents, who claimed that a lack of employee education and diligence posed the biggest threats to the organization. Phishing (a distant second) and nation-state attacks (third) weren't as critical to CISOs as were the internal issues.

Accountability

The buck stops - sort of - at the CISO's desk. Only 4 percent of the CEOs polled felt their jobs would "definitely" be on the line if the company were hacked, compared to 14 percent of the CISOs.

Time for Training

While CEO and CISO respondents agreed that they had enough time to sufficiently train and educate their workforce.

No Information

Only 8 percent of CEO respondents claimed their CISOs update them on the state of IT infrastructure security every day, compared to the 11 percent who said they do so once a week. In fact, 65 percent of the CEOs polled said they don't have the information they need to translate IT risk into business risk.

Who's Winning?

CEOs and CISOs agree on one thing: The bad guys are winning. Both groups strongly felt that hackers were ahead of the security curve, although 42 percent of CISOs thought the "good guys" were pushing ahead.

Security as a Joint Responsibility

CEOs and CISOs alike believe security is not their responsibility alone, but one that requires work and support across all parts of the company. CISOs were less likely to favor the go-it-alone approach to security.
