NetWitness Corporation and MIS Training Institute released the results of an information data loss survey conducted at the 6th Annual CISO Executive Summit in Lisbon, Portugal this month. The survey interviewed CISOs, CSOs, and information risk managers from over 20 countries in an attempt to identify the investment and management challenges, priorities, and decisions faced by information security leaders today.
Some highlights of the survey results include:
- 97 percent of the respondents are “very concerned” or “concerned” about data breaches and information theft, while three percent are not worried because they believe their network is already secure.
- There was an overwhelming consensus – 80 percent – among CISOs that insiders, including employees and contractors, are the greatest human threat to data. Only 18 percent reported concern over the threats coming from external sources such as cyber criminals and nation-sponsored attacks such as corporate espionage.
- One in 10 CISOs reported they are not planning on spending anything on security this year and are trying to just survive with their existing technology investments.
- 26 percent view governance, risk and compliance (GRC) verification as the primary business driver for security spending in the next 12 months.
- One-third of respondents believe firewalls alone provide adequate protection against data leaks. A quarter of CISOs reported they do not have the correct data leakage protection technology or just do not know what they should have.
In addition, the survey revealed that nearly 80 percent of CISOs surveyed do not view growing threats from state-sponsored and organized criminal groups as potentially harmful to their data. This opinion stands in sharp contrast to numerous press reports describing external data breaches across all sectors indicating that financial and material losses from cyber crime are on the rise and those criminals are stealing sensitive information and selling this competitive intelligence for profit.
NetWitness and MIS Training Institute derived this data from online interviews with over 60 information security professionals during the month of June.