Security Execs: Under Pressure and Under Prepared

A new survey of corporate security executives shows that their jobs are more difficult to handle than just a year ago, and they're not prepared to handle some significant security issues.

Nearly 100 percent of CSOs say they are well prepared to handle spam, malware, denial-of-service attacks, and hacker attacks, according to a survey by CSO Interchange at a conference held last week in Chicago for chief security officers. However, the same survey also shows that 88 percent say their organizations are least prepared to handle inadvertent loss of data, social engineering and inappropriate use.

On top of that, another 75 percent report that their jobs have become more difficult or substantially more difficult than they were last year.

''The role of the CSO continues to become more complex,'' says Philippe Courtot, co-founder of CSO Interchange and CEO of Qualys. ''CSOs now have responsibility for internal and external threats, compliance with regulatory mandates, and attention to bottom line business performance... ''Through the open environment provided at CSO Interchange, we have learned CSOs are still looking for support for policies, procedures and technologies to lockdown their networks and secure data.''

The survey also shows:

Sixty-four percent of CSOs surveyed are more concerned about compliance this year than they were last year, and 38 percent report their budget for compliance solutions grew during the past year;

Seventy-four percent say their organization must comply with more than five laws and regulations;

Sixty-eight percent say their security budget is less than 10 percent of their total IT budget;

Eighty-three percent outsource less than 10 percent of their security, and 40 percent do not outsource security processes at all, and

Seventy percent say they do not receive sufficient early warning for cyberattacks.