Even more than CEOs, CIOs have everything to worry about

Summary: Each member of the C-suite has something to worry about when it comes to security, according to a survey.

C-suite executives - the senior managers with "chief" in their job title - have many worries but it seems there is no single worry for all C-suite executives, just a different, pressing one for each.

An IBM Chief Information Security Officer (CISO) report found that while CISOs believe that all their peers in the C-suite worry about security, they worry about it to different degrees.


CISOs think that 41 percent of CEOs worry about the loss of brand reputation and trust that comes with security breaches. CISOs believe that their CFOs will worry most about the financial loss the company may incur (47 percent), while, again unsurprisingly, the largest number of COOs (42 percent) will worry about downtime.

But how about CIOs? Well, none of them (according to the research) feel financial loss is of any concern to them. In terms of other concerns, they are more or less evenly split, with 26 percent worried about loss of brand reputation, 24 percent about operational downtime and a lowly 18 percent about compliance violation. But most CIOs (32 percent) ticked the box marked 'Other': so CIOs worry about everything or nothing in particular, depending on which way you look at it.

As IBM points out, this broad spectrum of worries poses a difficult challenge. To help allay these various concerns, the security leaders IBM interviewed say they meet regularly with their boards and C-suite executives with the most popular frequency being once per quarter. When they meet, the top topics that they discuss include identifying and assessing risks (59 percent), resolving budget issues and requests (49 percent) and new technology deployments (44 percent).

The report notes that security chiefs think loss of brand reputation or customer trust is the most important business concern across their organisations, although IBM notes it's hard to track the impact of security breaches and other incidents to brand reputation — "even though there can be an impact to stock price or public perception", the report says.

The increasing mobility within organisations and the proliferation of intelligent devices raised real issues, according to the survey, with less than 40 percent of organisations having deployed specific response policies for personally owned devices or an enterprise strategy for bring-your-own-device (BYOD).

The good news is that the gap is being recognised, with 39 percent of CISOs planning to establish an enterprise strategy for BYOD within the next 12 months, and 27 percent doing likewise with an incident response policy.

However, IBM warned that technical and business metrics are still focused on operational issues. While 90 percent of interviewees said they track security incidents, lost or stolen records, data or devices, and audit and compliance status, fewer respondents (12 percent) are feeding business and security measures into their enterprise risk process, even though security leaders say the impact of security on overall enterprise risk is their most important success factor.



Colin has been a computer journalist for some 30 years having started in the business the same year that the IBM PC was launched, although the first piece he wrote was about computer audit. He was at one time editor of Computing magazine in London and prior to that held a number of editing jobs, including time spent at the late DEC Compu...
