14 DAY TRIAL // Courion, a firm that provides intelligent identity and access management solutions, has surveyed IT security executives at companies with 500 or more employees. It turns out that most chief information security officers (CISOs) are anxious about the possibility that their company might suffer a data breach.
More precisely, 78% of respondents say they’re anxious. Security executives are aware of the fact that they’re responsible for protecting customers’ privacy and personal data, and maintaining the equity of the brand.
Close to 60% have named protecting customers’ privacy as a top priority when addressing a serious data breach. The number one goal for 88% of IT security executives when addressing a significant breach is privilege abuse, followed at a distance by unapproved hardware (18%), bribery (16%) and email misuse (11%).
In the eventuality of an incident, 62% fear the negative publicity that affects the company. Only 1% are afraid of personal embarrassment and only 2% fear the loss of employment for others. Almost 7% are afraid they’ll lose their job.
For 2014, most consider the education of employees and other end users a top priority (29.4%). Other priorities are better management of user access and insider threats, communicating or enforcing company policy, and managing external threats (e.g. phishing scams).
Identity management has been named by 14% their organization’s top IT security-related project in the next 12 months. Other projects planned by executives are SIEM (13%), firewall management (13%), DLP (12%) and intrusion management (10%). Mobile device management is a top priority only for 9% of respondents.
Almost all CISOs believe that their IT security teams take preventing data breaches seriously. Executive management, the organization’s board of directors and law enforcement are also believed to be serious about this issue. At the bottom of the chart, we have employees and politicians.
“Our recent survey confirmed what we've been hearing from many customers over the past few years, the role of the senior IT security executive is constantly changing,” said Christopher Zannetos, president and CEO of Courion.
“Not only are they thought of as the front line defense for protecting sensitive company and customer information, they also feel responsible for brand image and customer satisfaction. IT security cannot tackle all this alone, however,” Zannetos added.
“We believe, and this survey confirmed, that better employee education and management of user access can provide much needed support for the security team.”
The complete report is available on Courion’s website (registration required).