CSO Online cites a recent survey on security leadership and offers this perspective in a post called “Are CIOs Too Cocky About Security”:
There’s been no shortage of high-profile and damaging data breaches in the past year….
Despite these attacks, the ninth annual Global Information Security Survey conducted by CIO’s sister publication CSO magazine and PricewaterhouseCoopers indicates that of the 9,600-plus business and technology execs surveyed, 43 percent identify themselves as security frontrunners and believe they have a sound security strategy and are executing it effectively.
“Clearly, something unusual is happening, with so many organizations viewing themselves as security leaders,” says Mark Lobel, a principal in the advisory services division of PwC. In reality, “nowhere near 43 percent [are] leaders.”
Pete Lindstrom, research director at Spire Security, has another take. “Either 43 percent are fooling themselves, or they are reaching a good level of success in setting their strategy and hitting it.”
I have serious doubts about how this survey was written.
Asking a CIO if they are a leader is like asking for trouble. Why not be concerned that 57 percent of top executives say they are followers?
In other words, being a leader in security does not mean being breach-proof or free from attacks, which the quotes above imply. That’s an awful dichotomy. Leaders are the ones who respond quickly to breaches, disclose them fully and learn from them.