Larry Ponemon, founder of the group that bears his name, said that survey shows a shift in the way C-level executives think about security software. Investing in data protection, he said, is now seen as less expensive than recovering from a data breach.
Data protection initiatives on average, according to the survey, result in a cost savings or revenue improvement of £11 million ($16 million) for organizations.
Perhaps more surprising than the revelation that security matters is the finding that while 75% of respondents see the CIO as the person responsible for data protection, 82% of respondents believe that the failure to stop a data breach would not result in the firing of the CIO.
This suggests either that respondents' beliefs about responsibility are misplaced or that few believe anyone can orchestrate a completely successful defense against cyber attacks, making firing for an inevitable outcome pointless.
As it turns out, the latter interpretation seems to be supported by the study: Over 27% of the respondents doubted that their organizations could avoid a data breach in the next 12 months.
CEOs appear to be more confident than the broader set of executives questioned, with only 10% expressing doubt about avoiding a data breach.
On a related note, CEOs appear to be less well-informed than other executives about the prevalence of online attacks.
"[O]nly 18% of CEOs believe attacks on data happen hourly or even more frequently, while 34% of other C-level executives believe this to be true," the study says.