Research: 2013 Strategic Security Survey

May 24, 2013


A Seat at the Table

In our 2012 Strategic Security Survey report, we said that most infosec pros are too willing to pin the blame for problems on end users, the CFO, vendors, developers -- anywhere but ourselves. Harsh? Maybe, but the message seems to have gotten through: Our 2013 data shows that security professionals have gotten the message that we need to own our strategies. Some data points:

>> 79% say they have not experienced a security breach or espionage in the past year. However, when asked if it's possible their systems have been infiltrated and they are unaware, 75% owned up said yes.
>> 42% cite enforcing security policies as a top security challenge, making it the No. 1 response.
>> 23% see public interest groups/hacktivists as the breach or espionage source that poses the greatest threat to their organizations in 2013.
>> 9% say the CFO/finance director sets policy for information security in their organizations; however, for 65%, the CFO/finance director sets spending, and 26% report CFO/finance director involvement in both.

In this report, we:

>> Examine in depth the results of our annual survey, now in its 16th year
>> Discuss the maturation of security as a business discipline
>> Provide recommendations on building a security-awareness program, using big data to make better decisions and selecting cyber-risk insurance

Respondent breakdown: All respondents are from organizations with 100 or more employees. Forty-one percent have 5,000 or more employees; 31% are over 10,000. Government, financial services and education are well-represented, and 30% are in a security-specific management role. An additional 25% are non-security-specific IT management, and 28% have revenue of $1 billion or more. (R6820613)

Survey Name InformationWeek 2013 Strategic Security Survey
Survey Date March 2013
Region North America
Number of Respondents 1,029 at organizations with 100 or more employees
Purpose To comprehensively assess the current state of security programs, where organizations are focusing their security efforts, and how IT is adapting to current threats and trends.

Research Report