The overwhelming majority of CEOs are resigned to the reality that their organizations will suffer a data breach of some type in the coming year, according to an IBM-sponsored study conducted by the Ponemon Institute, a fact that has many reevaluating their security priorities and budgets.
Ponemon Institute, a Traverse City, Mich. security research firm, queried 115 C-level executives at U.K.-based enterprises to get an idea of just how much the sustained barrage of cyber attacks and high-profile data breaches has changed their organizations' security strategies.
All of the respondents said that their companies had their data attacked at least once in the past year and 77 percent said they had endured a data breach at some point. Seventy-six percent of the execs said that they now view reducing potential security flaws in their business-critical applications as the single most important aspect of their IT security plan.
"In the face of growing security threats, business leaders are finally recognizing that a strong data protection strategy plays a critical role to their bottom line," Larry Ponemon, chairman and founder of The Ponemon Institute, said in a statement. "Once viewed as purely a technical issue, the responses garnered in our survey highlight a shift in how organizations are treating their investments in security software."
The cost of network security
Not surprisingly, CEOs are most concerned about the economics of security. At a time when most companies are cutting IT budgets and reducing headcount, business leaders are now changing their tune and adding security personnel and investing in expensive technology to protect their bottom lines.
Putting aside the embarrassment and possible customer defections that a major data breach would assure, companies have discovered that resolving a garden-variety data breach can cost millions of dollars and expose them to penalties from their industry or the government for failing to meet compliance standards.
This latest study found that 81 percent of executives believe that investing in a security strategy can greatly reduce or mitigate the risk of data loss or theft.
"We are witnessing C-level executives implement security strategies at a much higher rate than ever before," Daniel Sabbah, general manager of IBM Rational, said. "The results from this Ponemon Institute study underscore the increased understanding among business leaders around the importance of addressing security defects at the earliest stages possible, before they become too costly to fix and cause irreversible harm and damage to the business."
When it comes to data protection, the buck stops at the CIO's desk, according to respondents. Seventy-five percent of those surveyed said one person, the CIO, is ultimately responsible for protecting their organization's data.
Another 51 percent said the purpose of data protection programs is to increase brand or marketplace image and 34 percent reported that they perceive security attacks take place on an hourly basis within their organizations.
"Today, C-level executives believe the cost-savings from investing in a data protection program are substantially higher than the estimated value of recovering from a breach," Ponemon added.