Around one in three senior executives is unaware of the amount of IT budget allocated to data security in their organization or admits that it is not a high priority, new research from NTT Com Security reveals.
While a significant level of business decision-makers acknowledge the importance of data (82%), only a minority (35%) report that their organization spends at least 10% of its IT budget on data security.
The report – entitled Do senior executives understand their role in data security? – is based on information gathered from 800 such officials across eight countries, all from a non-IT function.
The research also indicates inconsistent attitudes towards data among senior execs. Even among those who value data highly enough to allocate a 10% budget spend on security, just a third say they value work-related data over personal data.
Based on the range of responses about their approach to data, the report suggests a four-category sliding scale for grouping execs – Enlightened, Informed, Passive and Complacent.
Among those dubbed complacent (18% of total), just 12% say that all of their organization’s data is completely secure. Only a third in this category view security as vital to their business, and a meagre 8% view data security as a business enabler.
A clearer picture of how strongly senior execs underestimate data security emerges when this group is viewed in combination with the ‘passive’ respondents (13% of total). Over nine in ten of this group do not know how their security budget is split between different types of data. Over a third don’t know if their organization even has a formal data policy.
NTT Com Security CEO Simon Church commented that, “It’s clear that organizational culture needs to change. It’s easy to think that as an industry we’re doing a good job at raising awareness of security threats, but clearly it’s not enough anymore to motivate organizations into action.”
He added that, “We have to reinforce the fact that security is everyone’s problem and everyone’s responsibility.”
Earlier research from NTT Com Security highlights that many senior execs also underestimate the risk posed by a data breach.
The findings of both sets of research are particularly concerning given that more and more companies are suffering major financial repercussions as a result of data breaches, 93% of which, the ICO reports, are caused by human error. Awareness and appreciation of data’s significance, even among the top level of business officials, is clearly lagging behind.