(Forbes) Being the chief executive has its privileges. And one of them may be a blissful ignorance of your company's data breach risks.
According to a study to be released Tuesday by the privacy-focused Ponemon Institute, companies' chief executives tend to value cybersecurity just as--if not more--highly than their executive colleagues. But compared to lower-level execs, CEOs also tend to underestimate the frequency of cyberthreats their organization faces.
The survey, which was funded by cybersecurity firm Ounce Labs, asked 213 senior executives about their perceptions of data breach risks. Among those respondents, just 17% of CEOs said their company faced attempts by cybercriminals to steal data at least once every hour, compared with 33% of other executives. By contrast, nearly 50% of CEOs said their company experienced an attack "rarely"--less than once a week--while only 32% percent of other executives reported the same frequency of cyberthreats.
That disconnect, says Ponemon founder and lead researcher Larry Ponemon, isn't a matter of CEOs not valuing cybersecurity. On the contrary, about 77% of chief execs said that preventing cyber attacks and insider data theft was "important or very important" compared with just 51% of other respondents.
But Ponemon says that CEOs' staffs may not tell them the full extent of a company's data risks. "Even in the most transparent of companies, there's a bit of hesitance to give the CEO a report of vulnerabilities or even small breaches," says Ponemon. "We don't know how much filtering of bad news happens that keeps CEOs from hearing some of the darker secrets."
There's plenty of evidence to support the views of the survey's more paranoid respondents. Cybersecurity firms, such as Finland's F-Secure, detect more than 20,000 new variations of malicious software churned out by hackers every day. In fact, the rate of publicly known data breaches has been steadily rising for years, with 646 breaches recorded in 2008, a 46% increase over 2007, according to the Identity Theft Resource Center.
In January, Princeton, N.J.-based payment processor Heartland Payment Systems revealed that it had been the victim of a cybercriminal operation that had gained access to as many as 100 million credit card numbers, potentially the largest data breach of all time.
Despite that sort of high-profile hack, the CEOs interviewed in Ponemon's survey seemed especially unconcerned about cybercrime as a source of data breaches. While 31% named stolen PCs or thumb drives as a source of data loss, only 3% cited malicious hackers as the top threat for their company's data security--about a fifth as many as the lower level employees who cited cybercriminals as the most important threat.