Nation’s Chief Security Officers Believe President Bush is Best Candidate to Secure the Homeland CSO Magazine Survey Reveals Security Pros’ Highly Confident in their Companies’ Security, but Lack Success Measurements

FRAMINGHAM, MA – SEPTEMBER 20, 2004 – A quarterly survey of 295 chief security officers (CSOs) and senior security executives conducted by IDG's CSO magazine reveals slightly more than half of CSOs (51%) believe President George W. Bush is the presidential candidate that can do the best job of protecting the United States. One out of four (28%) is not sure which candidate could provide the best security, with 19% choosing Massachusetts Senator John Kerry and 3% picking Ralph Nader. While 12% of the CSOs are currently undecided voters, an overwhelming majority (83%) say they are not going to change their voting plans even if a terrorist attack happens right before the November elections. Also, while 68% of CSOs think there is a likelihood of a terrorist attack aimed at disrupting the 2004 U.S. presidential election, only 20% are doing any special preparation to secure their company in the event of a pre-election terrorist attack.

"Security is a hot issue in the presidential race," says Lew McCreary, Editor in Chief of CSO magazine. "With a slight majority of CSOs choosing President Bush, but a high percentage of respondents still in the ranks of the undecided, it seems as though the nation's security executives haven't yet made up their minds about Kerry as an alternative."

The CSO Magazine Security Sensor(TM) survey also uncovers that CSOs are very confident in their organizations' security with 77% saying their organization is more secure today than it was before 9/11. Additionally, 83% are confident in the effectiveness of their organizations' business continuity/disaster recovery plans in the event of an incident or disaster. Although there is a high-level of confidence, one in five (21%) CSOs do not regularly measure, nor have plans to conduct measurements of, the success of their security operations in meeting established security policies, and 36% indicate their organizations do not have, nor have plans to develop, established return on investment (ROI) metrics for security risk management initiatives.

CSOs' Views on U.S. Government:

Although 39% of CSOs indicate President Bush as the candidate who can do the best job of balancing civil liberties and privacy issues with national security, when asked whether Bush has implemented enough recommendations from the 9-11 Commission, close to half of respondents (46%) say he has not meet their expectations; only 22% say he has, and 32% are unsure.

On the topic of creating a national intelligence czar position (to coordinate intelligence from all 15 U.S. agencies), one in five (21%) CSOs do not agree with the creation of the post; 62% agree and 17% are undecided.

Of note, the survey reveals 45% of these security pros do not trust the security of today's electronic voting machines.

CSOs on Threats and Breaches:

The majority of CSOs (62%) indicate they experienced one or more security breaches or incidents to their organization in the past 12 months, while 19% say they experienced none and 19% are uncertain. Of the IT security breaches that occurred, more than a quarter of CSOs (26%) report the majority of breaches (i.e., 50-100%) were unintentionally caused by internal users/employees.

CSOs also rate the seriousness of various threats to their organizations in the current CSO Magazine Security Sensor(TM). The top five threats are, ranked in order by percentage: blended threats (i.e., threats combined with characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit and spread an attack) at 43%; spyware (i.e., any technology that aids in gathering data about a person or organization without their knowledge) at 32%; spam at 31%; employee misuse of IT resources at 29%; and viruses at 29%.

Methodology:

CSO magazine conducted this online survey between August 25 and September 13, 2004 among 295 chief security officers and other security executives who subscribe to CSO magazine. An email invitation containing a link to the survey was sent to 10,000 CSO subscribers, receiving 295 completed surveys. Respondents have average company revenues of $8 billion, average security budgets of $17.1 million and an average number of employees of 21,420.

CSO subscribers are pre-qualified security executives with security purchasing authority at their organizations. The sample was chosen randomly and each CSO magazine subscriber had an equal probability of being selected. Results have a +/- 5.7% margin of error.

About CSO Magazine

Launched in September 2002, CSO magazine provides chief security officers with high-level information, best practices and strategic insight, helping them balance the safety of their enterprise with the pursuit of business opportunity. In its first two years of publication, CSO has been embraced by high-level security executives in the government and private sectors and has been recognized by prestigious awards judges for its editorial and design excellence. The magazine and its companion website, http://www.csoonline.com/, have received more than 55 awards to date, including five Jesse H. Neal National Business Journalism Awards (often referred to as the Pulitzer Prize of publishing), Grand Neal runner-up honors two years in a row and ASBPE's 2004 Magazine of the Year.

About CXO Media Inc.

CSO magazine is published by CXO Media Inc., a company that serves CIOs, CSOs, CMOs, CEOs, CFOs, COOs and other corporate officers who use technology to thrive and prosper in this new era of business. The company strives to enhance partnerships between C-level executives, as well as create opportunities for information technology (IT) and consumer marketers to reach them. In addition to publishing CSO, CXO Media publishes CIO magazine, http://www.cio.com/, The CIO Insider, http://csoonline.com/, http://www.darwinmag.com/, and newly launched CMO magazine and http://www.cmomagazine.com/. The company also produces Executive Programs, a series of conferences that provide educational and networking opportunities for corporate and government leaders.

CXO Media is a subsidiary of International Data Group (IDG), the world's leading technology media, research and conference company. A privately-held company, IDG publishes more than 300 magazines and newspapers including Bio-IT World, CIO, CSO, Computerworld, GamePro, InfoWorld, Network World, and PC World. The company features the largest network of technology-specific Web sites with more than 400 around the world. IDG is also a leading producer of more than 170 computer-related events worldwide including LinuxWorld Conference & Expo(R), Macworld Conference & Expo(R), DEMO(R), and IDC Directions. IDC provides global market research and advice through offices in 50 countries. Company information is available at http://www.idg.com/.

NOTE TO EDITORS: Complete findings from the CSO Magazine Security Sensor(TM) can be found at

http://www.csoonline.com/info/security_sensor_findings.pdf. If you report any of the data from this news poll it must be sourced as originating from CSO magazine.

###