September 2006 Security Survey: Despite Security Problems, Confidence in IT Security Remains High

By Allan Alter  |  Posted 09-13-2006

September 2006 Security Survey: Despite Security Problems, Confidence in IT Security Remains High

In our previous security surveys, IT executives have always expressed plenty of confidence in their security, even though so many corporate networks and web sites have been roughed up and penetrated. That's true again in 2006, although the level of confidence may have slipped just a bit. IT executives at large companies appear the most self-assured, even though they are more likely to consider their firms to be at a high level of risk. Those at small companies are more likely to be nervous. Even there, however, 73% say IT security is adequate.

At first glance, it seems odd that security spending and staffing is going up if confidence is high. If security is adequate, why boost the budget? One reason is the need to meet compliance requirements. But there's another likely explanation: CIOs feel confident in part because they are able to increase security spending. Just think of how IT executives would feel if security spending was cut back.

We'll be digging into the reasons IT executives are confident about security, and question whether they ought to be, in the coming weeks. Come back each Wednesday to see the latest. See below for the full schedule.

Upcoming results from the Security survey:

  • Sept. 20: Why confidence remains high: security technologies and strategies
  • Sept. 27: Are IT executives being overconfident? Protecting data, tightening policies

    For more data and analysis, see CIO Insight 's Research Center blog at

    Next page: Confidence in IT security remains high.

    Confidence in IT security

    remains high.">

    Finding 4: Confidence in IT security remains high.
    There's been plenty of bad news about lost and stolen data in the past 12 months, and that may have shaken up IT executives at small companies. But their peers at large and midsize companies have grown even more confident about their IT security in the past year, while only 1 in 10 of all respondents say their company is at high risk. Yet spending on IT security projects—as well as security personnel—keeps going up.

    Research Guide:

  • Finding 1: Employee negligence and Microsoft vulnerabilities are considered the most significant IT-security risks
  • Finding 2: Almost half of large companies have been targeted by online criminals.
  • Finding 3: One company in six has lost equipment containing company data in the past year.
  • Finding 4: Confidence in IT security remains high, despite security problems.

    Read our previous surveys on IT security, privacy and risk:

  • September 2005: Security Relaxes as IT Threats Increase
  • September 2004: Security and Privacy: Do You Feel More Secure Than Last Year?
  • August 2003: Is Your Security Comfort Level Too High?
  • September 2002: Rethinking Risk
  • February 2002: Security 2002
  • October 2001: Disaster Recovery 2001

    Related stories:

  • Double Identity: Pressure Increases, but CIOs Still Struggle to Stop Identity Theft (Sept 2005)
  • Geekfathers: CyberCrime Mobs Revealed (Baseline May 2005)

    Case studies:

  • Lexis-Nexis: Ground Zero for War vs. Data Thieves (Sept 2005)

    Interviews and Expert Voices:

  • Ira Winkler: Security is Easier—And Crooks Are Dumber—Than You Think (Sept 2005)


  • Dan Gillmor: Customer Data May be Too Risky to Keep (Sept 2005)
  • Eric Nee: Making Legitimate Business From Data Theft (Sept 2005)