Aussie CSOs questioning tech value, rarely talk security with executives: Ponemon

Fully one-third of Australian cyber-security teams never speak with their company's executive team about security threats and a further 22 percent only meet once a year to discuss security, according to a new Ponemon Institute survey that has found fully a third of respondents would completely overhaul their IT security infrastructure if they could.

The global Exposing the Cybersecurity Cracks survey (Australian figures here) surveyed security professionals in 15 countries, each having an average of 9 years' experience in the security field, with some 200 practitioners surveyed in Australia.

Just 43 percent of respondents said their companies invest enough in skilled security personnel and technologies, with the Websense-sponsored survey confirming the anecdotal disconnect between business and security organisations. Only 10 percent of Australian respondents speak with their executives as frequently as once a quarter, and 21 percent speak with them twice a year.

There was broad dissatisfaction with the performance of security solutions installed in respondents' companies, with only 10 percent saying they had never been disappointed in their security solutions and 47 percent saying they were “frequently disappointed” with the protection a security solution had provided.

Some 38 percent of Australian respondents said they planned to make significant investments and adjustments to their cyber-security defences in the next 12 months. This figure was well behind the global figure, which confirmed that 49 percent of respondents globally were planning to upgrade their security infrastructures.

Respondents were open about the potential triggers that would encourage executives to invest more in security, with exfiltration of intellectual property named as a potential trigger by 65 percent of respondents. A data breach involving customer data was named by 58 percent, while 46 percent of respondents believed executives would invest more heavily in security if they faced a regulatory investigation of their company's data protection practices.

“Advanced persistent threats and data exfiltration attacks rank the top fears for IT security professionals,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.

“These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. Encouragingly, the survey revealed plans for technology and education investment in place for the future.”

Copyright © 2014 IDG Communications, Inc.
