State of the CSO 2011

Purpose & Methodology

8th annual Stat of the CSO Survey To provide data on the evolving role of CSOs in todays business climate. Survey was sent to a sample of CSO magazines audience. Survey fielded March 9 March 23, 2011. Respondents: 229 security and IT professionals. Margin of error: +/- 6.5 percentage points

Source: State of the CSO Survey, CSO magazine, 2011.

Security Awareness Still a Work in Progress for Smaller Organizations

Senior management has established a security policy and auditing process Senior management views the security leader's role as strategic and permanent Security is viewed as essential to business as opposed to an overhead cost
55% 48% 50% 65% 73% 87%

Security considerations are a routine part of your company's business processes All managers in the organization understand their roles and responsibilities in regards to security All employees consider security to be part of their every day responsibilities

50% 36% 33% 30% 38%

64%

All employees receive training in all security policy topics (visitor policies, physical and electronic access, email and All employees are trained in the sanctions and consequences a security policy breach Publicly reported data breaches cause senior management at my organization to place more emphasis on risk management
$100 Million+ <$100 Million

53% 55% 53% 43%

68%

70%

Q: Please indicate how strongly you agree or disagree with the following statements. Strongly Agree/Agree is shown.
3

Source: State of the CSO Survey, CSO magazine, 2011.

IT Security Stays Central to Roles

Information Security Security-Related Audit Business Continuity/Disaster Recovery
37% 32% 28% 25% 25% 19% 18% 17% 14% 14% 9% 29% 20% 52% 66% 30% 72% 36% 45% 61% 65% 42% 55% 41% 4% 54% 4% 56% 7% 23% 11% 10% 39% 51% 10% 63% 34% 20% 62%

Security of Facilities/Hard Assets Investigations Enterprise Risk Assessment Personal Security

Homeland Security Privacy Executive Protection Fraud Protection Intellectual Property Protection Background Checks

In Charge

Involved

Not Involved

Q: Please indicate your level of responsibility/involvement in each of the following areas at your company.
4

Source: State of the CSO Survey, CSO magazine, 2011.

Focus on Managing Risk Not Just Security

More Value 61% No Change 35%

57%
of respondents organizations use a formal Enterprise Risk Management process or methodology.

Less Value 4%

Q. In the past 12 months, has your organization's senior management placed more, less or the same value on risk management? Q. Does your organization use a formal Enterprise Risk Management process or methodology that incorporates multiple types of risk?
5

Source: State of the CSO Survey, CSO magazine, 2011.

Technology Trends Impacting Security Profession

Ubiquitous data - continually advancing data that allows people to be connected 24/7

26%

Technology as a service - technologies that enable organizations to access IT on demand over the Internet (e.g., cloud computing, on-demand services) Next-generation workforce - "Next Generation" (e.g., "Generation Y", "Millenials") entering the workforce with markedly different values and work ethics than "Generation X" before them. Social media - web-based technologies that allow social interaction (e.g., Facebook, LinkedIn, online communities)

21%

20%

18%

Consumerization of desktop/devices - : trend for new information technology to emerge first in the consumer market and then spread into the workplace.

14%

Q: In your opinion, which of the following trends will have the most profound effect on the role of the security professional in the future?
6

Source: State of the CSO Survey, CSO magazine, 2011.

Regulatory Compliance Spending

59% Increased 56% 53% 59%

Decreased

2% 2% 2% 2%

39% Remained the Same 39% 42% 45%

2011

2010

2009

2008

Q: In the past 12 months has the amount of time you spend on regulatory compliance increased, decreased, or remained the same?
7

Source: State of the CSO Survey, CSO magazine, 2011.

Vendors Integral Part of Security Practice

I am generally satisfied with the quality and relevance of PRODUCTS offered by security vendors

58%

31% 10%

I am generally satisfied with the quality and relevance of SERVICES offered by security vendors

52%

34%

13%

Strongly Agree/Agree

Neither Agree Nor Disagree

Disagree/Strongly Disagree

Q: Please indicate how strongly you agree or disagree with the following statements:
8

Source: State of the CSO Survey, CSO magazine, 2011.

Learn More

For a presentation of the complete survey results, please contact Bob Melk at bmelk@idgenterprise.com.

Source: State of the CSO Survey, CSO magazine, 2011.