The Great Security Disconnect

Michael Vizard


There has always been a divide between what the boss and the rank and file know about the business. But when it comes to security, that divide can be fatal.


A new survey from the Ponemon Institute, conducted in Great Britain on behalf of IBM, illustrates many of the management challenges that security professionals routinely have to deal with. The survey of 115 C-level executives found that while CEOs generally deem security to be important, their grasp of the security threats facing the business is not all that deep.


Specifically, the survey shows that there is a significant gap in the confidence of CEOs and other C-level executives as to whether the organization will suffer a major security breach in the coming year and, perhaps more importantly, how often their systems are attacked. Perhaps worst of all, confidence in their existing security systems means that far more CEOs think their security systems are adequately funded than think they are not.


Dr. Larry Ponemon, who heads up the Ponemon Institute, says the disconnect between CEOs and the rest of the IT organization is contributing to a rising level of fatalism when it comes to security. In general, companies have confidence in their ability to deal with known threats. But the prevalence of emerging threats has left many IT organizations wondering why they should continue to invest in security systems that are likely to be compromised no matter what they do.


Dave Grant, director of security and compliance solutions, says a big part of the problem is that far too many IT organizations are overly invested in perimeter security products that, once compromised, leave the entire organization open to attack. What's required, he says, is more focus on securing data within the application layer, starting when applications are first built and delivered. Trying to layer on security after the fact is what is making security so costly and inefficient, he adds.


Grant says that IT executives should take some comfort in the study, given the high level of value that CEOs place on security. But it's also clear that CEOs don't want to become particularly involved in the process, which means that when it comes to data security, IT organizations can still pretty much expect to be on their own.
