News

Survey: Insider Theft Tops CIO Worry List

A majority of North American IT chiefs view theft from within as a much greater threat than theft from without, according to a new survey from Secure Computing Corp., an enterprise gateway security provider.

Insider threats stemming from intentional and unintentional data leaks are keeping many IT chiefs awake at night, with fully 80 percent of respondents citing theft from within as their No. 1 security issue overall.

A few caveats: Secure Computing's survey sample size of 103 CIOs at U.S. companies is small, and Secure Computing (as a purveyor of gateway devices designed to both keep the bad guys out and protected content in) does have a dog in the race. Nonetheless, its survey data does raise some provocative issues, as well as explode a few popular myths.

Less than one in five (17 percent) CIOs said they're more concerned about external than internal threats, and more than one-third (37 percent) of respondents acknowledged that their organizations had experienced the loss or theft of sensitive information over the last 12 months.

Surprisingly -- or not, depending on your point of view -- a plurality of respondents (34 percent) cited e-mail as their No. 1 security concern. This was followed by VoIP leakage or theft (cited by one-quarter of respondents) and is even deemed a more substantive threat than unsanctioned Web surfing, which only 21 percent of IT directors said is a top priority.

Likewise, Secure Computing indicated, CIOs aren't sure what to make of Web 2.0-related security concerns. In such cases, they're more likely to cite damage from external threats (e.g., malicious Web 2.0 services or gadgets) as a bigger danger than Web 2.0-related spam or, interestingly, the potential loss or theft of data from Web 2.0 applications.

Where hackers are concerned, CIOs don't have hackers on the brain: Fewer than a quarter of respondents cited hacking or hackers as the biggest overall security threat facing their organizations. Instead, more than half of respondents cited malware as their biggest concern.

Not surprisingly, CIOs are throwing money at their anxieties, directing the bulk of their security-related IT spending to shoring up internal safeguards.

More than one-third of chiefs cited internal security as their primary area of IT spending, while -- shockingly, given the current state of the economy -- CIOs say spending to improve IT asset management is actually lowest on their priority lists. (Asset management-related spending typically spikes during periods of economic uncertainty.)

Elsewhere, Secure Computing claimed, IT security itself is undergoing a perceptual shift of sorts: Only 11 percent of respondents said their boards perceive security spending as a "necessary evil." Almost 90 percent saw security-related spending as "at least as important" as other kinds of IT spending.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.