Survey: Insider Theft Tops CIO Worry List

A majority of North American IT chiefs view theft from within as a much greater threat than theft from without, according to a new survey from Secure Computing Corp., an enterprise gateway security provider.

Insider threats stemming from intentional and unintentional data leaks are keeping many IT chiefs awake at night, with fully 80 percent of respondents citing theft from within as their No. 1 security issue overall.

A few caveats: Secure Computing's survey sample size of 103 CIOs at U.S. companies is small, and Secure Computing (as a purveyor of gateway devices designed to both keep the bad guys out and protected content in) does have a dog in the race. Nonetheless, its survey data does raise some provocative issues, as well as explode a few popular myths.

Less than one in five (17 percent) CIOs said they're more concerned about external than internal threats, and more than one-third (37 percent) of respondents acknowledged that their organizations had experienced the loss or theft of sensitive information over the last 12 months.

Surprisingly -- or not, depending on your point of view -- a plurality of respondents (34 percent) cited e-mail as their No. 1 security concern. This was followed by VoIP leakage or theft (cited by one-quarter of respondents) and is even deemed a more substantive threat than unsanctioned Web surfing, which only 21 percent of IT directors said is a top priority.

Likewise, Secure Computing indicated, CIOs aren't sure what to make of Web 2.0-related security concerns. In such cases, they're more likely to cite damage from external threats (e.g., malicious Web 2.0 services or gadgets) as a bigger danger than Web 2.0-related spam or, interestingly, the potential loss or theft of data from Web 2.0 applications.

Where hackers are concerned, CIOs don't have hackers on the brain: Fewer than a quarter of respondents cited hacking or hackers as the biggest overall security threat facing their organizations. Instead, more than half of respondents cited malware as their biggest concern.

Not surprisingly, CIOs are throwing money at their anxieties, directing the bulk of their security-related IT spending to shoring up internal safeguards.

More than one-third of chiefs cited internal security as their primary area of IT spending, while -- shockingly, given the current state of the economy -- CIOs say spending to improve IT asset management is actually lowest on their priority lists. (Asset management-related spending typically spikes during periods of economic uncertainty.)

Elsewhere, Secure Computing claimed, IT security itself is undergoing a perceptual shift of sorts: Only 11 percent of respondents said their boards perceive security spending as a "necessary evil." Almost 90 percent saw security-related spending as "at least as important" as other kinds of IT spending.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • OpenSSF Adopts Microsoft Open Source Software Security Guidelines

    The Open Source Security Foundation (OpenSSF) announced on Wednesday that it has adopted the Secure Supply Chain Consumption Framework (S2C2F) for ensuring the secure use of open source software (OSS) by developers.

  • Microsoft Releases PowerShell 7.3

    PowerShell 7.3 is now at the "general availability" (GA) commercial-release stage.

  • Report: Cloud Services Mostly Used for Data Protection

    Most organizations have turned to the many cloud services to protect their data, according to a survey commissioned by Veeam Software