Regulations such as the U.S. governments Sarbanes-Oxley Act have help pave the way for those improvements, said Brian Geffert, principal of security and privacy services at Deloitte. "Sarbanes got people to understand security a bit more, and now more people are catching up; more CEOs are communicating directly with chief information security officers, and I think we will see a lot more investment from these particular companies," said Geffert.Only 63 percent of respondents to the survey said they have a senior-level executive in their company dedicated to managing security issues, with 53 percent of information technology companies employing those types of leaders. Deloitte noted that those numbers were lower than the proportion of companies in other industries with C-level security executives already in place. Further, the survey found that 52 percent of technology, media and telecommunications companies consider security a problem for IT departments, rather than viewing the issue as a central business concern. The top five information security concerns identified by the executives polled were those related to instant messaging systems, phishing schemes, viruses that attack mobile devices, hacks into online brokerage accounts and other Web-based crimes. So-called insider attacks, or threats emanating from employees or other people with legitimate access to IT systems, are another major concern. However, only 59 percent of the companies interviewed said that they have any form of employee behavior monitoring technology in place. While 25 percent of respondents listed cited insider fraud as their primary internal security concern, 22 percent pointed to data losses such as the incidents that have recently victimized the U.S. Department of Veterans Affairs and insurance giant American International Group as their greatest fear. "These data leaks are starting to make people think differently about the manner in which they handle data, and you also have the emergence of small storage devices capable of carrying off a boatload of data, those things have opened peoples eyes," Geffert said. "At the end of the day, its all about getting people to look at their work habits differently and letting workers know what their responsibilities are for protecting the data; technology companies are a bit behind other industries today, but theres no reason that they cannot catch up." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
"To a degree people are in the stage where they are still making plans, and not yet fully engaged in moving forward, but theres progress."