SCI-TECH
Study: Gadget sales flat

Protest slams Dell's use of prison labor

Steve Jobs keeps Apple in the limelight

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD
U.S. spies 3 potential nuke sites

U.S.
10,000 refugees from Burundi coming to U.S.

ALLPOLITICS
Foley will name alleged abuser

LAW
Stunned relatives pack Iowa courtroom

ENTERTAINMENT
Rock 'n' roll genius getting his licks at 80

HEALTH
Seafood benefits outweigh risks, government says

TRAVEL
Machu Picchu can wait

CAREER
A well-balanced 'Day on the Job'

(MORE HEADLINES)

MAINPAGE
WORLD
U.S.
WEATHER
BUSINESS
SPORTS
POLITICS
LAW

SCI-TECH

SPACE
HEALTH
ENTERTAINMENT
TRAVEL
EDUCATION
CAREER
LOCAL
IN-DEPTH

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

Survey: CIOs not worried about security

From...

by Dan Verton

(IDG) -- Although U.S. companies lose billions of dollars every year as a result of cybercrimes committed by internal and external hackers, more than 90 percent of CIOs polled in a recent survey said they have confidence in their company's network security.

According to a national poll of more than 1,400 CIOs from companies in eight different sectors of the economy, most of corporate America's top IT executives believe their networks are safe from both internal and external security breaches.

RHI Consulting, an IT consulting firm in Menlo Park, Calif., conducted the poll, which includes responses from a random sampling of U.S. companies with 100 or more employees.

MESSAGE BOARD

Security on the Net

An increased investment in hardware, software and network security personnel may offer a partial explanation for the increase in CIO confidence, according to RHI. In another survey conducted last August by the company, 58 percent of CIOs said they had increased spending on their company's network security initiatives.

However, the results of other surveys raise questions about the veracity of the responses offered by the CIOs who participated in the RHI survey. For example, more than half of the respondents in a recent survey conducted by the San Francisco-based Computer Security Institute (CSI) said they didn't report cyberintrusions to law enforcement out of fear of negative publicity or that rival companies would use the information for competitive advantage. In addition, CSI survey respondents reported more than $265 million in losses from cybercrimes last year.

IDG.net INFOCENTER

Related IDG.net Stories

Features

Visit an IDG site

IDG.net search

Likewise, a survey conducted in 1999 by the American Society for Industrial Security and PricewaterhouseCoopers found that Fortune 1,000 companies lost more than $45 billion from thefts of proprietary information in 1999, with high-tech companies reporting 530, the highest number of incidents.

Alan Paller, director of the SANS (System Administration, Networking and Security) Institute, a security research organization in Bethesda, Md., said the majority of CIOs that took part in the RHI survey are likely relying on a "buffer of acceptable risk" that they feel they can live with.

"Just as credit-card companies accept some level of loss as a cost of doing business, so some CIOs are saying 'if I do a really solid job of protecting my systems, then I can live with the low-level pain that some break-ins cause,' " said Paller.

But Paller said he also fears that some CIOs may still have their heads in the sand, unwilling to acknowledge they have a real problem. "Liability in court is likely to be the next lever that will push those ostriches into a more proactive stance," he said.

Bill Crowell, CEO of Cylink Corp. in Santa Clara, Calif., and a former director of the National Security Agency, said many CIOs are "very reluctant" to acknowledge they have problems protecting their networks. In addition, "they use as a measure whether they have substantial losses, not whether they are vulnerable to attack," said Crowell. "Ironically, the loss picture, either through luck or ignorance of what really is going on, looks pretty good to most of them. What is not counted in any of their calculations is the loss from down time, which can be substantial."

Winn Schwartau, president of Interpact Inc. in Seminole, Fla., and author of several books on information security, said it should come as no surprise that CIOs would say they are confident. "What else could they say?" asked Schwartau. "They have to tell their bosses they are secure to keep their jobs. I think this survey was a crock."