That's the chief conclusion to draw from a recent Booz Allen survey of 72 CEOs from firms with more than $1 billion in annual revenue. The CEOs were asked how September 11 has affected their views on a range of security related topics.
One in five of the CEOs don't believe that corporate security is any more important now than it was before September 11 and one-third of them don't anticipate new security costs.
"I think the results reflect the lack of a thorough understanding of what developing a rigorous security strategy and implementing it really entails," says Randy Starr, a principal in Booz Allen's Information Technology group. "And it could partly be a function of CEOs not being as well-connected to the folks who are the sponsors of the security initiatives."
CIOs' Business Continuity Plans Seen Falling Short|
IT executives post-Sept. 11 are concentrating more on revamping and testing plans, as opposed to more costly moves such as relocating offices and establishing new data centers.
Perhaps the numbers can also be explained by the limited concern the CEOs had for security before September 11. On a 10-point scale, the CEOs rated their level of concern for security at 6.0 before the terrorist attacks and 7.5 since. Surprisingly, the survey says these results are consistent across industries; typically, companies in verticals including financial, government and health care are more concerned about security.
Or maybe it's just that the executives only worry about more tangible threats, like anthrax. Indeed, more than 86% of the CEOs surveyed said they had heightened concerns about mail processing and 85% were more worried about travel.
At least they are on top of the disaster recovery planning, as 90% have reviewed their firms' plans since Sept. 11.
And the CEOs figure their customers think just like they do. Nearly three-quarters of them, 72%, believe corporate security is no more important for customers today than it was pre-September 11, and that customer willingness to buy from their companies will not be affected.
Interestingly, CEOs of non-financial firms are more concerned about that topic, as more than one-third believe the quality of their corporate security is indeed now a more important factor in customer willingness to buy their products and services.
One thing is certain: the CEOs aren't letting any of this keep them from the spotlight. Only 7% said they are concerned about lowering their public profile.
Not coincidentally, along with the survey Booz Allen also last week launched a new security practice that is intended to help educate CEOs about security concerns. It will include nearly 1,000 of the company's consultants. Focus areas will include homeland security, information assurance, operations and IT, critical infrastructure protection and social network engineering.
The group will be led by Booz Allen vice presidents Mark Gerencser and DeAnne Aguirre, who come from the company's government and commercial sectors, respectively.