CEOs often have a rosier view of data protection in their organization than other executives, according to a study released Wednesday by the Ponemon Institute and software security vendor Ounce Labs.
In the study
of 213 CEOs and other senior executives, 92 percent of respondents said that their company's data has been attacked in the past six months. But, CEOs are often more confident about their organization's ability to prevent data breaches than are other executives, the study found. And CEOs are less aware of data breaches that have occurred, the study found.
Respondents were asked how often their company's data is attacked, and 33 percent of C-level executives -- which included COOs, CIOs and division presidents -- replied "hourly or more often," while just 17 percent of CEOs said the same. Twenty percent of C-level executives said their data is attacked daily, while 15 percent of CEOs said the same. And, 48 percent of CEOs said their data was “rarely” attacked, compared to 32 percent of other C-level executives who said so.
CEOs are likely more optimistic about their organization's struggle to protect data because they have passed off those responsibilities to others, Jack Danahy, founder and CTO of Ounce Labs told SCMagazineUS.com on Wednesday. IT professionals, for example, realize that just because certain solutions have been implemented or a plan to protect data is in place, such measures do not guarantee freedom from breaches.
“The CEO knows that, by some functioning metric, work is being done, but people in the trenches know it's a constant rush to get the sandbags up in time,” Danahy said.
Part of the disparity in perception also may arise because employees do not always give CEOs the whole story of what is going on with respect to data loss, he said.
The study also found that the majority of organizations have experienced a breach, but feel unable to prevent future ones. Eighty-two percent of C-level executives said their organization has suffered a data breach in the past, but just 36 percent said they are confident that their organization will not experience one in the next 12 months.