How many enterprises have found their data under attack in the past year? All of them, according to a new survey of C-level executives in the U.K.
If everyone is under attack, how many have had their defenses pierced? In surveying 115 executives from a wide range of industries, research firm Ponemon Institute found that 77 percent have experienced data breaches at some point. The study, it should be noted, was sponsored by IBM, so the usual caveats about vendor-sponsored research apply.
Respondents estimated that the average cost savings from investing in data protection is GBP 11 million ($16 million). "This suggests a very healthy ROI for data protection programs," says the study. Larry Ponemon, chairman of the research firm, added that "in the face of growing security threats, business leaders are finally recognizing that a strong data protection strategy plays a critical role to their bottom line."
Interestingly, the survey shows that CEOs are more gung-ho about the results of data protection programs than the rest of the C-suite. Of the 23 percent of respondents who were chief execs, 89 percent said that putting an information protection strategy in place was important, versus 67 percent of the CIOs, COOs, division presidents and others surveyed. Ninety-four percent of CEOs said that reducing potential security flaws in business-critical applications was important, compared to 76 percent of the other C-level executives.
On the other hand, employee training was identified as an important part of data security by 76 percent of the non-CEO C-suiters, versus 58 percent of chief executives. And 71 percent of the non-CEO C-suiters said it was important to conduct due diligence on "transactions and relationships that involve the sharing of personal and confidential information," compared to 55 percent of CEOs.
According to the survey, 49 percent of CEOs were confident that data breaches could be avoided; 33 percent of the other respondents felt the same way. And here's another interesting finding: Only 5 percent of CEOs called cybercrime the source of greatest risk to their company's data, versus 22 percent of the other C-level execs. What did CEOs see as the biggest threat? Lost or stolen computers or flash drives (53 percent), which was the primary risk for 41 percent of the other C-suiters.
And while it's hardly surprising that CIOs (51 percent) and CISOs (19 percent) were identified as the point people for data protection, it's worth noting that 82 percent of respondents "do not believe a failure to stop a data breach under their watch would cause them to lose their position."