Do you know if your company’s data is secure? One survey shows that most managers don’t have enough information to answer the question.
A new survey of C-suite folks finds that senior executives are confident in their organization’s information security strategy, even when they shouldn’t be.
In a survey of 9,600 senior executives, including CEOs, CIOs, CFOs, and CSOs, a surprising 43% said their organization had an effective security strategy that was being executed proactively.
Their confidence appears to be misplaced, as the authors of the 2012 Global State of Information Security Survey found that only 13% of the respondents actually had reason for that confidence.
That’s the message from a recent survey conducted by Gabriel Consulting. Just 22% of the 147 IT pros surveyed think their company’s management truly knows how secure their data is.
That disconnect can cause a number of problems, including making it difficult to get more money for security investments added to the IT budget. Overconfidence can also make it harder for management to deal with data breaches when they occur.
The solution: Better communication. Execs need to try to avoid the tendency to think security is only a big issue after something serious happens. They need to ask IT for an honest assessment of risks and take the answer seriously.
IT managers need to do their part by keeping management in the loop — in terms they can understand — about what new and ongoing threats the organization faces.