The study, conducted by NetWitness and MIS Training Institute, was conducted at the 6th Annual CISO Executive Summit in Lisbon, Portugal, this month. Only 18 percent of the respondents said they considered hackers or nation-sponsored attacks to be a greater threat than insiders.
One in 10 CISOs reported they are not planning on spending any new monies on security this year, and are trying to just survive with their existing technology investments, the study says.
Twenty-six percent view governance, risk, and compliance (GRC) verification as the primary business driver for security spending in the next 12 months.
One-third of respondents believe firewalls alone provide adequate protection against data leaks. One-quarter of CISOs reported either not having the correct data leakage protection technology, or not knowing what they should have.
"What is really alarming is the misperception that traditional security approaches alone can protect against information leaks," says Sara Hook, conference director for EMEA at MIS Training Institute. Hook also expressed concern that "some CISOs were not sure what they need for data protection, or were not planning to focus any money in that area this year."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.