Why CIOs Don't Want to Discuss Security
That is one possible explanation why only 26 percent of CIOs and IT executives said their company had ever been hacked, according to a survey at the CIO-100 conference last August. Sixty-two percent said their company has never been victimized by external computer crime, and 11 percent were unsure. Unsure is the key word. "These people are being hacked; they just don’t know it," says the CIO of a research and engineering company.
Open and Shut Case
As corporate networks keep expanding, CIOs face a catch-22 situation. Opening their infrastructures to customers, suppliers, business partners and employees is a must. Yet doing so makes their companies more vulnerable to security breaches or attack. "On the one hand, we’re getting pulled to make it easier and easier [for everyone] to access key data from anywhere in the world," says the CIO of a Fortune 1000 manufacturing company. "On the other hand, we’re worried about security. We’re building a paradox here. How do you do all that?"
CIOs’ jobs have been made even more difficult as most corporations trampled past security issues in the mad rush to mine e-commerce gold. In the CIO-100 survey, a mere 9 percent of the respondents reported security as the number-one technology-related issue on which their company was currently focused. More than half of businesses worldwide spend 5 percent or less of their IT budget securing their networks, according to a recent study by Datamonitor. More than 30 percent have yet to even implement adequate security.
Most of the CIOs we spoke to believe the security breaches they’ve experienced thus far?"fortunately," they say with relief?are nuisances rather than dire threats to their companies. However, even mere security nuisances can do real damage to the bottom line.
Take the "I Love You" virus. This and similar viruses brought down systems worldwide and caused $6.7 billion in damages in the first five days, according to Computer Economics. Denial-of-service attacks that temporarily took down high-profile websites like Amazon.com, eBay and Yahoo in February 2000 cost $1.2 billion, according to The Yankee Group. More than 74 percent of companies have experienced financial losses because of cybercrime, according to the Computer Security Institute report. The price tag on e-security breaches alone? More than $17 billion worth of damage worldwide in 2000.
Software giant Microsoft was reportedly hacked for months before it discovered the breach. The costs to a company’s credibility and losses in consumer confidence are difficult to calculate but can be enormous.
$firstKeyword
Receive the latest security news as it breaks.
