Execs think IT security is in good shape – but is it?

The good news: Most executives report their companies are doing pretty well when it comes to IT security. The bad news: It probably isn’t true. 

IT managers often have a tough time convincing execs to invest money in IT security. One reason may be that the people in charge of the corporate pocketbook have an overly rosy view how well-protected their data is.

For example, most (68%) of the 9,300 CEOs, CFOs, vice presidents and IT leaders surveyed believe their companies have “instilled effective security behaviors into their organizational culture,” according to a recent survey from PwC Consulting. Only 20% weren’t confident in their organization’s security culture, while 12% didn’t know.

In addition, 70% are confident that their security policies and practices have been effective.

But is that really the case at a majority of companies? Most IT pros would likely agree that users don’t always behave as though security is at the top of their minds. And other data in the PwC report may show that confidence could be a little too high. For example:

  1. Fewer than half (44%) say their firms only collect the minimum amount of sensitive personal information they need to do business
  2. Less than a third of companies require third parties they do business with to follow their own internal security policies, and
  3. Just 25% of respondents said security staff become involved in projects from the beginning.

Despite those poor practices — and despite the rising number of IT security attacks faced by companies — organizations’ confidence has led to security budgets staying flat, as less than half of companies expect security spending to increase.

A budget increase would come in handy, though, as 26% of respondents said their biggest obstacle to improving IT security was a lack of funding — making that the top answer out of all the choices. Many also pointed to a lack of support for security from the executive level.

Therefore, it’s IT’s job to convince those leaders that the company is vulnerable to security threats and that more spending will help lower the risk. For some help, download our white paper, 7 Statements Your CFO or CEO Needs to Hear to Increase IT Spending.