NTT Com Security worried by data security 'indifference'
Senior decision makers blasé about risk of getting breached, study of 800 executives concludes
An NTT Com Security study has exposed “worrying levels of indifference” towards data security among senior decision makers outside the IT department at large organisations.
Poor data security finished fairly low down the pecking order when the security firm quizzed 800 senior staff on what they saw as the single greatest risk to their business. It was picked by just nine per cent of respondents from the list of options, compared with 23 per cent for "competitors taking market share", 19 per cent for "lack of employee skills in key areas" and 12 per cent each for "increase in global competition" and "decreasing profits".
None of the executives in Australia, France, Germany, Hong Kong, Norway, Sweden, the UK and US who were quizzed had roles in IT.
Almost two thirds (63 per cent) of respondents said they expect to suffer a data security breach at some point, but did not appear to fully appreciate the financial impact. Seventeen per cent said being breached would have no impact on them at all.
Garry Sidaway, senior vice president of security strategy at NTT Com Security, said he was surprised by the findings given the recent torrent of data-breach headlines involving the likes of Target, Sony and JPMorgan.
“This shows me that executives are not getting the message that it does impact their business,” he said.
Sidaway also highlighted a statistic from the research suggesting that 51 per cent of respondents regarded accessing data safely as the sole responsibility of the IT department.
“The report highlights that [data security] is not just a technology problem but a people problem," he said. "We need to embed risk management into the business so the impact is understood and it’s everyone’s responsibility.”
Ian Kilpatrick, chairman of security VAD Wick Hill, said he agreed with the findings, but only partly.
"The challenge with security is not indifference but getting the correct risk understanding into the boardroom," he said.
"People roll out whatever the newest business application is as it gives them a competitive edge, then at some point - three or five years later - they back fill security based either on bad experiences or a belated recognition of the risk. If people were able to assess the risk correctly, they would make different decisions."