70% cos feel CEOs are responsible for data breaches, only 5% blame IT dept

Websense, Inc., a company protecting organizations from cyber-attacks and data theft, has announced the results of an international survey of 102 security professionals conducted at this year’s e-Crime Congress. Nearly all respondents (98%) believe that the law should address serious data breaches that expose consumers to data loss through punishments such as fines (65%), mandatory disclosure (68%), and compensation for the consumers affected (55%). Sixteen percent even advocate arrest and a jail sentence for the CEO or board members.

Nearly half of respondents (45%) feel that companies not taking action against data loss and theft have it as an agenda item, but that it is not yet a high enough priority. Furthermore, 70% say the CEO should hold ultimate responsibility should a breach arise. And the pressure is mounting, as 93% of all respondents believe the advent of the Internet of Things will make companies even more vulnerable to data theft.

Over three quarters (77%) of respondents say employees would connect to an unsecured Wi-Fi network to respond to an urgent request from the CEO or a company executive, with just over 30% of security professionals saying they would do so themselves.

As data theft disclosures hit the headlines, the publicity appears to be inadvertently helping companies address the issues. Three quarters of security professionals feel the publicity has helped other companies create a case for budget, focus and resources. Only 15% believe that the headlines have hindered this, as they make companies feel powerless to protect against these attacks.

Neil Thacker, Information Security & Strategy Officer at Websense, explains: “The more we talk about the issues and share the common techniques used to breach organizations and abuse, steal or damage data, the better. With the increasing data deluge that will only increase with the Internet of Things, and the dilemma of an increasing information security skills shortage, organizations have a tough challenge ahead. Implementing a data theft prevention control that provides a data-centric approach to security, alongside building a culture of security accountability across the business through collaboration, is essential to keep data protected.”

Other Findings:

False Sense of Security

- A third of respondents felt that companies believe their business would not be affected by data loss

- Over a third (35%) felt that companies believe they are protected, but the technology being used is not appropriate to combat data theft

Who is Responsible for a Data Breach?

- While 70% believe the CEO is ultimately responsible should a data breach take place, 13% believe it should be the CSO

- 9% feel it should be the rest of the board (outside of the CEO & CSO)

- 5% believe it is the IT department

- 4% say it is the employee responsible for the breach

The sample size of this international survey was 102 respondents from 15 countries. These included security professionals from government and public and private sector organizations, as well as senior managers charged with responsibility for risk, audit and compliance.


Updated Date: Mar 26, 2015 11:48 AM