Organizations Failing to Implement Planned Cyber-Security Strategies

There are multiple gaps in the perception and reality of cyber-security between corporate executives and the IT professionals responsible for implementation, according to findings by Intel Security. Intel Security and the Center for Strategic and International Studies (CSIS) came to that conclusion in a 34-page report titled “Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity.” The study surveyed 800 cyber-security professionals around the world, including both operators and executives, to gain insight into the current perceptions of the risks and the rewards of the IT security industry. One of the top findings in the report was that while 90 percent of organizations said they have some form of cyber-security strategy in place, the reality is that less than 50 percent of organizations have actually implemented the planned cyber-security strategy. Also, the study found that 54 percent of respondents were more concerned about the impact a security breach will have on their reputations than the actual impact of the security incident. In this slide show, eWEEK takes a look at some of the key highlights of the report.

The survey revealed that while nearly all (90 percent) of organizations claim to have some form of cyber-security strategy in place, the reality is that less than 50 percent have actually implemented the strategy.

When it comes to impact, more than half (54 percent) of respondents indicated they were more concerned about the impact a security incident will have on their reputation than the actual effect of a security incident.

Nearly 60 percent of IT executives believe their cyber-security strategy is fully implemented, while less than 40 percent of IT operators have the same view.

When it comes to implementing a new security technology, the Intel Security study found that most organizations will aim to maintain a security platform that integrates both existing and new technologies.

Among the interesting perception gaps noted in the report is one on incentives. While few IT executives noted that there were no incentives for cyber-security professionals, nearly 30 percent of surveyed operators had a different view.

When asked about that actual impact of a security breach on an organization, not surprisingly disruption of operations was the top response.

When it comes to rating the effectiveness of cyber-security, both IT executives and operators largely agree that minimizing the number of security breaches is a primary metric.