Execs rate protection of IP higher than customer data: Ponemon

A new global data security survey by the Ponemon Institute has found Australia’s IT security professionals believe that company executives would prefer to spend money on the protection of intellectual property over customer data security.
Written by Leon Spencer, Contributor on

A new survey by the Ponemon Institute has shown that, according to Australia's IT security professionals, company executives would spend more money on IP security concerns rather than customer information breaches, despite the latter occurring more frequently.

The study, Exposing the Cybersecurity Cracks: Australia Part 2, found that although there were more known data security breaches involving customer information, breaches concerning intellectual property took precedence when it came to increasing investment in security infrastructure.

The research showed that, of the top three events respondents said would compel executive teams to allocate more money to digital security initiatives, "exfiltration of intellectual property" came in at number one with 65 percent of respondents naming it in their top three, well over the event of a data breach involving customers' information, which drew the attention of 58 percent of respondents.

Meanwhile, almost 90 percent of respondents said they personally knew another security professional whose company had sensitive or confidential data stolen as a result of an insider threat, with 67 percent saying that the data stolen by the insider was customer information, and 62 percent of respondents saying that intellectual property was stolen.

This is the second report of a two-part study undertaken by the Ponemon Institute, sponsored by security firm, Websense.

The study surveyed 200 IT and IT security practitioners in Australia with an average of nine years experience in the field. The study was also conducted in another 14 countries, including the United States, China, and Singapore.

According to the survey's findings, a third of data security teams never speak with their executive team about security. Of those that did, 22 percent spoke to executives about security "semi-annually".

A third of the respondents said that if they had the resources to do it, they would completely overhaul their current enterprise security system. However, only 38 percent if respondents said they were planning to make significant investments or adjustments to their security defences over the next 12 months.

For Gerry Tucker, Websence Australia and New Zealand country manager, the survey highlights a lack of communication between IT professionals and company executives.

"This highlights that a lack of communication, education and inadequate security systems is making it possible for cybercriminals to attack organizations across the globe," said Tucker.

"It's not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft," he said.

Editorial standards