Vulnerabilities / Threats
3/25/2010
05:04 PM
50%
50%

CEOs Paying Attention To Security, Study Says

CIO is the person most frequently held responsible for data protection, Ponemon survey says

Top-level executives are beginning to grasp the importance of security, according to a study published today.

Eighty-one percent of C-level executives think that investing in a security strategy can greatly reduce or mitigate the risk of data loss or theft, according to the survey of 115 C-level executives in the U.K. conducted by Ponemon Institute and sponsored by IBM.

"In the face of growing security threats, business leaders are finally recognizing that a strong data protection strategy plays a critical role to their bottom line," says Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "Today, C-level executives believe the cost savings from investing in a data protection program is substantially higher than the estimated value of recovering from a breach."

Seventy-seven percent of C-level executives reported that their organizations have experienced a data breach at some point, while all respondents disclosed that they have had their data attacked in the past 12 months. Seventy-six percent think that reducing potential security flaws within business-critical applications is the most important aspect of their data protection programs.

C-level executives believe good data protection practices can support important organizational goals, such as compliance, reputation management, and customer trust. Only a small percentage of the CEOs surveyed, just 18 percent, are very confident that their organizations will not suffer a data breach within the next year.

Executives in the study estimated the average data breach cost per compromised record at about $250. CEOs estimated that cost to be closer to $300 per compromised record.

Three-quarters of respondents reported that one person is considered to be in charge of data protection for their organizations. That person is considered by most to be the CIO -- especially by the CEO.

More than half (51 percent) of C-level executives believe the purpose of data protection programs is to increase brand or marketplace image.

"We are witnessing C-level executives implement security strategies at a much higher rate than ever before," said Daniel Sabbah, general manager of IBM Rational.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.