Chief Security Officers from several top technology firms and government agencies say computer worms, viruses and regulatory compliance are likely to be the hot button issues that will keep them awake at night in 2005.

At the second CSO Interchange in New York this week, organized by eBay CSO Howard Schmidt and Qualys CEO Philippe Courtot, more than 85 CSOs exchanged ideas and concerns on a range of security issues affecting their organizations.

From disaster recovery and regulatory compliance to the need for more corporate investment in security, the forum provided executives from corporations, government agencies and other enterprises the opportunity to share real-world experiences with their peers, according to organizers.

During the one-day event, nearly 85 percent of the CSOs polled said their organization's security budgets had increased during the past years, but 61 percent still say they are under-funded.

Nearly 70 percent said online fraud was a major concern facing their organizations, yet only half felt their departments were sufficiently dealing with the increasing problem, according to survey results released by CSO Interchange. Fifty-four percent had not yet rolled out any kind of additional measure to avoid pervasive phishing scams.

Courtot, who co-founded the event with former White House advisor Schmidt, said the idea was to put top executives making security decisions together with others from varying types and sizes of organizations together.

"Today's CSOs are facing similar obstacles and issues across varied industries and businesses, and this provides an occasion for them to connect," he said.

While CSOs often walk a tight line between the need to meet the bottom line and the need for increased security to protect assets, the majority of those participating in yesterday's event believed that not enough is being done to protect against these threats.

"It doesn't matter how much money you have; it is never enough," Courtot said.

Courtot said corporate executives have increased their attention span in recent years when it comes to security issues, especially during the days of the malicious viruses and worms, even if the numbers produced at the forum don't bear him out.

The large majority of executives also claimed legislation now has a big influence on decision-making, and more than 80 percent said security was now a part of their company's Sarbanes-Oxley reporting.

"In most cases, the CSO is the individual responsible for bridging technical security issues with bottom-line business challenges," Jaime Chanaga, CSO of Geisinger Health System, said in a statement. "Issues such as cyber attacks, online fraud and zero-day exploits can have billion-dollar impacts and deserve the full attention of the organization.

"As CSOs, we need a direct link to our corporate boards and to each other to make more informed decisions," Chanaga continued. "Sharing information about security issues and openly discussing solutions help us make more informed decisions that will better protect our organizations and customers we serve."

Additional survey highlights include:

  • Fifty-eight percent of CSOs rated worms, viruses, Trojan horses, and regulatory compliance as their top security concerns;
  • Sixty-two percent of CSOs believe they do not get sufficient early warning for major cyber attacks;
  • Sixty-nine percent said their jobs have become more difficult over the past year;
  • Eighty percent of CSOs reported that cyber attacks had a bottom-line financial impact on their organizations;
  • CSOs reported that 82 percent of their top executives are concerned about data privacy.