State of the CSO 2010: Progress and peril
Security's credibility has grown by leaps and bounds this decade, but plenty of challenges remain. Exclusive survey results from CSO Magazine.
By Derek Slater
June 28, 2010 — CSO —
Security is very old in most respects, yet very young in others. As a corporate discipline, security unfortunately languished for years in the basement.
Today, as organizations come to grips with a wide swath of risks, the 2010 State of the CSO survey shows those organizations are rapidly adopting more sophisticated view of security. Of course, there's more work to be done—most prominently in the areas of security metrics and awareness programs.
Let's look at the numbers.
1. How well does each statement describe your organization? (Percent who agree or strongly agree with each statement.)
|Senior management has established a security policy and auditing process||23%||81%|
|Senior management views the security leader's role as strategic and permanent||17%||72%|
|Security is viewed as essential to business as opposed to an overhead cost||25%||66%|
|Security considerations are a routine part of your company's business processes||28%||63%|
|All employees receive training in all security policies||38%||78%|
|All employees know the sanctions and consequences of a security policy breach||42%||63%|
|All managers in the organization understand their roles and responsibilities in regards to security||45%||44%|
|All employees consider security to be part of their everyday responsibilities||38%||40%|
Take a moment to reflect on the enormous progress reflected in the chart above.
Six years ago, respondents reported a generally low regard for security risk management within their companies. Policies were not defined. Security leaders were sidelined. Training was minimal.
Today's scenario is different on almost every score; 2010 respondents indicate that security programs are well established in most companies, including policies, personnel and training.
Other than Internet marketing, has any other corporate discipline enjoyed such a rapid and widespread rise in credibility during the same decade? At the risk of falling into a cheerleader role, this is worth noting and celebrating. Current events have clearly been a huge driving factor, but today's security leaders still deserve a pat on the back for helping craft the right organizational response to today's threats.
These 2010 numbers aren't a fluke. Progress in each area has been steadily upward over the years.
Having said that, those upward trends highlight the lack of progress in the bottom two issues. (See next chart for more detail.)