Survey Reveals Security Executives Least Prepared to Prevent Inadvertent Loss of Data and Social Engineering Attacks

Chicago, IL – June 24, 2005 – Policy compliance, internal security threats and increased job complexity topped the list of concerns for more than 60 security executives who met yesterday in Chicago for the third CSO Interchange. Participants at CSO Interchange discussed a wide variety of security issues and revealed their top-of-mind concerns through an interactive survey conducted at the event.

According the survey, nearly 100% of CSOs feel they are well prepared to handle spam, worms and viruses, denial of service attacks, and hacker attacks. However, 88% feel their organizations are least prepared to handle inadvertent loss of data, social engineering and inappropriate use. In addition, 75% reported their jobs have become more difficult or substantially more difficult than they were last year.

Founded by former White House advisor Howard Schmidt and Qualys CEO Philippe Courtot, CSO Interchange provides a forum for Chief Security Officers at corporations, government agencies and other organizations to exchange ideas, discuss challenges and learn from the real-world experiences of their peers. The third CSO Interchange forum was sponsored by Qualys with the participation of the (ISC)2.

“The goal of CSO Interchange is to provide an environment where security executives can interact with their peers, share best practices and freely discuss the issues they face,” said Howard Schmidt, co-founder of CSO Interchange and former special advisor for Cyberspace Security at the White House. “Sharing information about security issues and openly discussing solutions helps security professionals make more informed decisions that will better protect the organizations and the customers they serve.”

Additional findings from the survey include:

· 64% of CSOs surveyed are more concerned about compliance this year than they were last year, and 38% report their budget for compliance solutions grew during the past year;
· 74% say their organization must comply with more than five laws and regulations;
· 68% say their security budget is less than 10% of their total IT budget;
· 83% outsource less than 10% of their security, and 40% do not outsource security processes at all;
· 70% feel they do not receive sufficient early warning for cyberattacks.

“The role of the CSO continues to become more complex. CSOs now have responsibility for internal and external threats, compliance with regulatory mandates, and attention to bottom line business performance,” said Philippe Courtot, co-founder of CSO Interchange and CEO of Qualys. “Through the open environment provided at CSO Interchange, we have learned CSOs are still looking for support for policies, procedures and technologies to lockdown their networks and secure data.”

This year’s event included keynotes from top security experts from Carnegie Mellon University, General Motors Corporation, Microsoft and Pershing, as well as interactive roundtable discussions on a variety of topics including compliance, outsourcing, security measurement, early warning systems and mobile device security.
Complete survey results and graphics are available upon request from the CSO Interchange media contacts.

About CSO Interchange

Howard Schmidt, former White House advisor, and Philippe Courtot, Qualys Chairman and CEO, heard countless tales about security professionals tackling similar problems, reinventing the wheel, or worse, learning from disastrous mistakes that might have been avoided. Chief Security Officers face unique challenges, but need not face them alone. Believing security executives could benefit by exchanging ideas with one another, Schmidt and Courtot formed CSO Interchange. The result is an intimate, high-level forum to take place in a no-sales-pitch environment. More information about CSO Interchange can be found at

Don't miss