Apr 25, 2011
2011 Strategic Security Survey: CEOs Take Notice
Security professionals often feel that executives don’t prioritize information security and risk management, in terms of attention, budgets or both. But the 1,084 security pros responding to our InformationWeek Analytics 2011 Strategic Security Survey suggest that may be changing.
Consider that the number of respondents who cite management buy-in and adequate funding (or lack thereof) as a challenge dropped from 2010 to 2011. And, high-level business executives are getting more involved in policy and security spending decisions. In 2010, only 27% of CEOs/presidents were involved in policy; in 2011, that number jumped to 34%. And CEOs are also weighing in on spending, up six points compared with last year. These are positive signs. More executive attention can be a boon to security officers and administrators because it means strong allies within the organization for enforcing security policies, and it ensures that security has a voice that will be heard among business leaders.
But once executives start watching, they expect results. Thus, it’s critical for security leaders to communicate clearly. That means finding useful measures of your efforts to demonstrate what’s working, and where additional resources should be deployed. It also means speaking the language of business, rather than arcane technical talk.
For the first time, our survey—now in its fourteenth year—also digs into two emerging risk areas: mobile devices and social media. Consumer-centric smartphones and tablets are sprouting up across the IT landscape as employees look to tap corporate apps and carry sensitive information in their pockets. Meanwhile, social media is being embraced by users and business leaders, but can also expose your organization to malware and data loss. We include recommendations to help maximize the benefits of mobile and social platforms while keeping threats at bay.
We’ve also got findings on a variety of other core security issues, including budgets, secure software development, compliance and information protection—and of course, the cloud. (R2130511)
Survey Name: InformationWeek Analytics 2011 Strategic Security Survey
Survey Date: March 2011
Region: North America
Number of Respondents: 1,084