Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Networking
    • PC Hardware

    Organizations Over-Confident About Security Strategy: Survey

    Written by

    Fahmida Y. Rashid
    Published September 16, 2011
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Senior executives are confident in their organization’s information security strategy, even when they shouldn’t be, according to a recent survey.

      In a survey of 9,600 senior executives, including CEOs, CIOs, CFOs, and CSOs, a surprising 43 percent said their organization had an effective security strategy that was being executed proactively, PwC said in a report released Sept. 15. However, their confidence appears to be misplaced, as the authors of the 2012 Global State of Information Security Survey found that only 13 percent of the respondents deserved to be confident in their security posture.

      The survey asked executives to categorize their organizations in one of the four groups before analyzing other responses to determine how accurate the assessment was. “Front-runners” were organizations that had an effective strategy in place and were proactive executing the plan. “Strategists” got the strategy “right,” but were having difficulty executing the plan, while “Tacticians” got things done even without having a defined plan. The final group, “Firefighters,” did not have an effective plan and were typically reacting to threats as they occurred.

      “Visibility into when and how the next cyber-threat to information will emerge is poor, at best,” said Mark Lobel, a principal in PwC’s Advisory practice and one of the authors of the report.

      More companies are deploying security safeguards, such as code detection tools and intrusion-prevention tools, than in previous years, the survey found. Companies are investing in technologies focusing on prevention, detection and operational Web-related technologies, the report found.

      “Companies now have greater insights than ever before into the landscape of cyber crime and other security events,” Lobel said, but it may be leading executives to have a false sense of security.

      Despite recent high-profile data breaches, the increase in advanced persistent threats and growing number of malicious attacks, PwC found that security and privacy capabilities at organizations have declined over the past three years. Between 2009 and 2011, there were fewer executives who reported reviewing the privacy policy annually, keeping accurate inventory of where data was stored, deploying identity management, and developing business continuity and disaster recovery plans.

      Only 16 percent said the firm was addressing advanced persistent threats, the survey found. APTs are sophisticated attacks that are hard to detect and lurk in the network for a prolonged period of time stealing information. APT-related investments also degraded, with fewer executives reporting in 2011 they were training employees or investing in network access control software.

      As long as the economic climate keeps security budgets “conservative,” organizations may not be as well prepared to confront these threats, Lobel said. However, it appeared that executives were “bullish” about security spending, with about half of the respondents expecting increased budgets over the next 12 months.

      Security-related third-party risks are on the rise, the authors wrote. Surveyed executives estimated that 15 percent of security breaches hitting their organization were the result of an attack on a third-party partner or supplier, nearly double the number in 2009. The organization’s ability to perform due diligence, enforcing privacy requirements and reporting security breaches concerning third parties appear to have decreased between 2009 an 2011, according to the report. In 2009, 39 percent of respondents said the firm required third-party providers to comply with the organization’s privacy policies, but only 29 percent were able to say the same in 2011.

      The survey participants may be more confident than warranted because they were much more aware of the types of threats out there than they were in years past, according to the report’s authors. Only 9 percent of respondents were unaware of the frequency, type and number of incidents that had struck the organization within the past 12 months. In 2007, the number was closer to 40 percent. Regulatory and compliance requirements such as the Payment Card Industry Data Security Standards (PCI-DSS) and Sarbanes-Oxley helped increase awareness, said Lobel.

      The “leaders” in security were most likely to work for an organization that had a chief information security officer and chief security officer, had an overall information security strategy, regularly measured and reviewed policies and procedures over the past year and employed dedicated security personnel to support internal departments, according to the report. Three out of four of them also expected to see information security spending to increase at their companies, the authors found.

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.