CORE Security exposed the division that exists between the CEO and Chief Information Security Officer (CISO), on how they view threats to IT Infrastructure security.


The survey found that these two executive groups remain far apart on how to best address an issue that according to analyst reports, now costs organizations more than $30 billion annually.

The problem is further exacerbated by the lack of communication between the offices of the CEO and CISO. More than 36 percent of CEOs said that the CISO never reports to them on the state of IT infrastructure security, as opposed to only 27 percent who report receiving updates on a somewhat regular basis.

While CISOs are pointing a finger directly at the workforce as their primary concern, citing that a lack of employee education and diligence represents the greatest threat to the security of the corporate IT infrastructure. CEOs disagreed, believing that external phishing attacks represent the largest threat to the organization and that the company has sufficient time and resources to adequately train and educate their employees to effectively mitigate threats.

With more than 60 percent of CISOs responding that they are very concerned about their IT systems experiencing a breach, it was somewhat surprising that only slightly more than half have ever tried to compromise their own networks to test the effectiveness of their security.

In sharp contrast, only 15 percent of CEOs were very concerned about their network being attacked. Yet despite their confidence, 65 percent of CEOs still admitted to not having the sufficient data needed to interpret how security threats translate to overall business risk.

Survey results based on independent survey of 100 CEOs and 100 CISOs/C-Level Security Leads.