Turning point for security decision making

According to IBM and The Ponemon Institute research, 77 percent of C-level executives report that their organization has experienced a data breach at some point, while all respondents disclosed that they have had their data attacked in the last 12 months.

Additionally, 76 percent of those surveyed feel that reducing potential security flaws within business-critical applications is the most important aspect of their data protection program.

The survey results indicate C-level executives believe good data protection practices can support important organizational goals such as compliance, reputation management and customer trust. In fact, only a small percentage of the CEOs surveyed, just 18 percent, are very confident that their organization will not suffer a data breach within the next year, and 81 percent of them feel that investing in a security strategy can greatly reduce or mitigate the risk of data loss or theft.

“In the face of growing security threats, business leaders are finally recognizing that a strong data protection strategy plays a critical role to their bottom line,” said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. “Once viewed as purely a technical issue, the responses garnered in our survey highlight a shift in how organizations are treating their investments in security software. Today, C-level executives believe the cost savings from investing in a data protection program is substantially higher than the estimated value of recovering from a breach.”

Further underscoring the impact that a security strategy can have on an organization’s bottom line, survey results indicate that the average cost savings or revenue improvements resulting from data protection initiatives totaled £11 million for organizations.

Other key findings from the study include:

  • Executives in this study estimated the average data breach cost per compromised record is £112, while CEOs estimated it to be £143 per compromised record.
  • 75 percent of respondents report that one person is considered to be in charge of data protection for their organization, and that person is considered by most to be the CIO, especially by the CEO.
  • 51 percent of C-level executives believe the purpose of data protection programs is to increase brand or marketplace image.
  • 34 percent of C-level executives perceive that the frequency of security attacks happens on an hourly basis.