While security remains a priority for the majority of companies surveyed by CIO Insight, the level of concern has dropped since Sept. 11, 2001. Yet technology executives still complain about the difficulty of educating employees about security and enforcing security policy. Whats wrong with this picture?
It may simply be that most companies have adequately prepared for the security threats that matter to them most. Or it may be that they are fooling themselves and are not prepared for the future. Only time will tell. Here are the highlights of the CIO Insight Managing Security study conducted in May 2003 with 606 technology-executive respondents.
Finding:
The Security Comfort Level Is High.
Fewer than three quarters of companies rate security a top priority. At the same time, 90 percent believe their domestic security is adequate, and 94 percent perceive only a moderate or low level of risk. Do these numbers smack of overconfidence—or are the constant warnings coming from a collection of self-interested Chicken Littles?
Finding:
Education and Enforcement Remain Problematic.
Despite their relatively high level of comfort concerning security risk, CIOs continue to struggle when managing security policy. Meanwhile, efforts to increase security continue to meet resistance from users. Is this just an accident waiting for a place to happen?
Finding:
The Majority of CIOs Seem Comfortable With Their Security Spending.
Still, more than a third believe theyre not spending enough. Correspondingly, 44 percent expect their level of spending to increase.