But what if you ask the IT professionals whether executives actually back up their politically correct answer with tangible support? We did, and the results surprised us.
According to our survey, 70 percent of IT directors say executives provide meaningful support of security operations. When we asked about examples of that support, 66 percent said infosec leaders get input into critical business decisions, and 57 percent said executives provide sufficient budget.
Frankly, these results surprised us. For one, when have you ever heard IT say it has enough money? For another, security professionals used to wander in the wilderness like Old Testament prophets, their message unheeded by the idolaters in the executive suite.
Why the change? Our survey provides some clues. For instance, both executives and IT directors said industry and government compliance mandates have the most influence on their organizations' security programs. The status of corporate compliance with regulations is the most common information that gets reported to executives.
Programs such as state breach disclosure laws, the Payment Card Industry Data Security Standard and HIPAA have raised the profile of information security because the failure to comply with these and other regulations has consequences that are felt all the way up to the boardroom.
In addition, a string of high-profile security breaches in the past three or four years demonstrates that data theft isn't a phantom menace. When brand-name companies fall prey to targeted attacks, executives notice. In fact, executives say the potential loss or theft of personal information is their top security concern.
The full report is available as a free download here (registration required). It includes all the survey results from 326 C-level executives and IT leaders. It also has our detailed analysis of the IT/executive relationship around security, more than twenty charts, and real-world insights from executives at Vanguard, CIGNA and other leading corporations.