State of the CSO 2010: Progress and peril
Security's credibility has grown by leaps and bounds this decade, but plenty of challenges remain. Exclusive survey results from CSO Magazine.
By Derek Slater
June 28, 2010 — CSO —
Security is very old in most respects, yet very young in others. As a corporate discipline, security unfortunately languished for years in the basement.
Today, as organizations come to grips with a wide swath of risks, the 2010 State of the CSO survey shows those organizations are rapidly adopting a more sophisticated view of security. Of course, there's more work to be done—most prominently in the areas of security metrics and awareness programs.
Let's look at the numbers.
(You can also find State of the CSO survey results from 2009 and 2008.)
1. How well does each statement describe your organization? (Percent who agree or strongly agree with each statement.)
| | 2004 | 2010 |
|---|---|---|
| Senior management has established a security policy and auditing process | 23% | 81% |
| Senior management views the security leader's role as strategic and permanent | 17% | 72% |
| Security is viewed as essential to business as opposed to an overhead cost | 25% | 66% |
| Security considerations are a routine part of your company's business processes | 28% | 63% |
| All employees receive training in all security policies | 38% | 78% |
| All employees know the sanctions and consequences of a security policy breach | 42% | 63% |
| All managers in the organization understand their roles and responsibilities in regards to security | 45% | 44% |
| All employees consider security to be part of their everyday responsibilities | 38% | 40% |
Take a moment to reflect on the enormous progress reflected in the chart above.
Six years ago, respondents reported a generally low regard for security risk management within their companies. Policies were not defined. Security leaders were sidelined. Training was minimal.
Today's scenario is different on almost every score; 2010 respondents indicate that security programs are well established in most companies, including policies, personnel and training.
Other than Internet marketing, has any other corporate discipline enjoyed such a rapid and widespread rise in credibility during the same decade? At the risk of falling into a cheerleader role, this is worth noting and celebrating. Current events have clearly been a huge driving factor, but today's security leaders still deserve a pat on the back for helping craft the right organizational response to today's threats.
These 2010 numbers aren't a fluke. Progress in each area has been steadily upward over the years.
Having said that, those upward trends highlight the lack of progress in the bottom two issues. (See next chart for more detail.)