I recently read a survey conducted by NTT Com Security, a global information security and risk management firm. The subjects were 800 non-IT business decision-makers from the UK, Australia, France, Germany, Hong Kong, Norway, Sweden and the US. Their Risk:Value report had some very interesting—if not disturbing—results. The survey showed that 63% of the respondents expect to suffer a breach, but only 9% see poor data security as the greatest risk to their business. Instead, they cited competition as the biggest threat. As NTT Com Security senior vice president for security strategy and alliances Garry Sidaway put it, the results “reflect a worrying level of indifference.”
With vulnerabilities on display for the world to see from Target, to JP Morgan, to Home Depot and countless other highly publicized breaches, why does there seem to be a disconnect between the reality of cyberthreats and how senior executives view data security relative to the future of their business? I think there are a number of issues at play here, but I am not sure indifference is one of them.