CEOs Lack Visibility Into Origin And Seriousness Of Security

Boston, MA – June 12, 2012 - CORE Security®, a leading provider of predictive security intelligence solutions, today exposed the division that exists between the CEO and Chief Information Security Officer (CISO), on how they view threats to IT Infrastructure security. The survey found that these two executive groups remain far apart on how to best address an issue that according to analyst reports, now costs organizations more than $30 billion annually. The problem is further exacerbated by the lack of communication between the offices of the CEO and CISO. More than 36 percent of CEOs said that the CISO never reports to them on the state of IT infrastructure security, as opposed to only 27 percent who report receiving updates on a somewhat regular basis.

While CISOs are pointing a finger directly at the workforce as their primary concern, citing that a lack of employee education and diligence represents the greatest threat to the security of the corporate IT infrastructure. CEOs disagreed, believing that external phishing attacks represent the largest threat to the organization and that the company has sufficient time and resources to adequately train and educate their employees to effectively mitigate threats.

“These results should be a wakeup call for every organization to demand better alignment between the executives charged with protecting their most vital assets. The idea that there are such disparate views on the crucial threats facing the company between two members of an executive team is discouraging to say the least,” said Patricia Foye, Sr. Vice President, Marketing, at CORE Security. “CEOs need to bring their security teams into the mainstream of day-to-day operations. Security and continual risk assessment should be woven into the fabric of operational reviews and should be an agenda item at the Board of Director level.”

With more than 60 percent of CISOs responding that they are very concerned about their IT systems experiencing a breach, it was somewhat surprising that only slightly more than half have ever tried to compromise their own networks to test the effectiveness of their security. In sharp contrast, only 15 percent of CEOs were very concerned about their network being attacked. Yet despite their confidence, 65 percent of CEOs still admitted to not having the sufficient data needed to interpret how security threats translate to overall business risk.

About CORE Security

CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company’s innovative security research center. For more information, visit www.coresecurity.com.