Friday, February 14, 2014

WSJ Report: Half of IT Execs Don’t Tell Boards Truth About Breaches  (It only gets worse.)

CIOs and chief information security officers often tell company executives that cybersecurity breaches are under control, even when they’re not sure that’s the case, according to a survey released Wednesday by IT research firm Ponemon Institute LLC. The survey of 1,083 IT and IT security workers conducted in January 2014 shows that when reporting on cyber attacks to their CEOs and boards of directors, 19% say their CISOs “make a best guess based on initial information,” and 36% say they “take action on what is known and tell the CEO it’s been taken care of.” Overall, 55% make assertions that they can’t actually support. Only 39% tell their CEOs and boards, “it’s too early [to know] and more time is needed to investigate.”

Read the entire WSJ story.