Security Executives Confident, Probably Shouldn't Be
Security executives appear to be incredibly confident in their abilities and their protections against attacks from hackers and other security incidents, but recent evidence from a new PwC Consulting survey shows that they’re gravely mistaken, according to an article from The Wall Street Journal.
The survey shows that the general mood among security executives worldwide is optimistic, as nearly 70 percent say there were “very” or “somewhat confident” that they have sufficient security policies and practices in place, and more than 70 percent say their policies are “effective,” the article says.
However, that confidence may be misplaced. According to the article, the number of organizations that admitted they had suffered more than 50 security incidents in the prior year increased to 13 percent – which is a slight increase from last year, but a lot higher than previous years.
The article speculates that the confidence stems from the survey’s findings that only 7 percent of respondents reported a loss in shareholder value, and 14 percent saw financial loss stemming from a security incident in the prior year. The financial loss number is down 20 percent in the two prior years.
The catch, PwC says, is that most companies haven’t done the thorough analysis to determine whether they’re likely to experience a loss in value in the first place: Most haven’t considered whether or not a high-profile security breach might damage a brand, the article says.
And although attacks are on the rise, the article reports, fewer than half of those executives surveyed expect a boost in their security budgets for the coming year. Most of these – 86 percent – point to their bosses as the biggest obstacle to improving security.
The survey – The Global State of Information Security Survey 2013 – sought input from 9,300 CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents and directors of IT and information security in 128 countries.