Following on from our recent post on who is responsible for the security function, here is the second in our series of posts revealing the results of our research into the attitudes of CIOs.
Next on our agenda is the above question from Ardaman Kohli. It’s true that it doesn’t matter how secure CIOs themselves are and how much they enforce security measures – encrypting files before sharing, requesting password protection to gain access to sensitive information and so on – as their weakest link is ultimately their executives.
The issue is that no business can operate in isolation. As was done in the days before the internet, you can lock your network into a fortress of security so no one can access anything of importance, but just how useful, and likely, is that? We all know that any business has to share certain sensitive information with partners, suppliers and customers, so how do you control this?
Well, our research across 500 CIOs globally, covering France, Germany, Scandinavia, the UK and the USA asked that question too. What was truly interesting is the honesty we saw – just under one third of all CIOs (29%) claim to have control over the majority of data or information shared by executives. Which means two thirds admit they do not have full control. This would be impossible. (Although it’s intriguing to note that a full quarter of CIOs from the US claim to have full control of all sensitive information shared by executives, and that one fifth of CIOs in companies over 5,000 employees. Hmm.)
What is possible, however, is empowering employees and executives to be able to share sensitive information, but only with the relevant security measures in place. It’s a mixture of educating on the issues at risk (both publicly but also with internal training seminars), which many executives are already aware of, and implementing security measures that are robust but not too complicated for the user – ultimately, secure, yet convenient. As we’ve previously blogged about, your strong authentication token may already sit in your pocket.
For more information on the research and to find the complete breakdown of the results between the five countries, different sized business and private and public sectors, download the whitepaper here. And let us know your thoughts and if our research sample indeed reflects your own experiences.
Stay tuned for more research snippets into global CIO attitudes to IT security.