Nation’s Chief Security Officers Call For Help In Tackling Phishing Threat

Framingham, MA – December 15, 2004 – A quarterly survey of 459 chief security officers (CSOs) and senior security executives conducted by IDG’s CSO magazine reveals ninety-six percent (96%) of CSOs expect phishing activity (i.e., scams using email or pop-up messages to deceive the recipient into disclosing sensitive information) to increase in 2005, but the majority (65%) are not confident that businesses and law enforcement are taking action to prevent phishing scams. An overwhelming majority (95%) of CSOs report they take their own preventative measures by deliberately avoiding responding to an email or pop-up due to concerns it might be phishing.

“More than most other folks, security executives are attuned to the threat phishing poses,” says Lew McCreary, editor in chief of CSO magazine. “And they tend to practice what they preach when it comes to prevention strategies. They also look for help from industry peers and law enforcement to spread awareness about any new threat.”

Despite online security threats (like phishing), the CSO Magazine Security Sensor™ survey reveals 79% of CSOs plan to shop online this holiday season. Of those who do not plan to shop online, 34% say the primary reason is they do not give out personal/financial information via the web; 22% fear identity theft and 17% cite insecure systems. Additionally, when asked which type of shopping poses the greatest security risk, less than half (46%) of CSOs report online shopping and one in four (25%) respondents state in-store shopping.

CSOs on Spyware:

Although 89% of CSOs are confident their organizations’ information security activities are effective, the majority of CSOs (59%) experienced system problems due to spyware/adware (i.e., software that covertly gathers user information via an Internet connection) in the last twelve months; only 27% did not experience problems and 14% are unsure.

CSOs whose organizations were affected by spyware/adware indicate that, as a result, the number one problem was system downtime (92%), followed by legal exposure (11%), loss or damage of internal records (10%) and financial losses (8%).

On the topic of spyware legislation in the works, 83% of CSOs believe regulation to slow the spread of spyware is necessary.

CSOs on Security Spending:

When asked to name the number one factor driving security investments in their organization, almost half of CSOs (45%) answered regulation and compliance from government, industry or internal mandates. The second and third highest scoring factors include self-directed decisions based on needs assessments (17%) and requirements from board of directors, corporate management, business units or customers (10%).

Of note, the risks or risk-related activities that CSOs estimate spending the most time and resources on in 2005 are information security (e.g., cybercrime) at 36%, business ethics compliance (e.g., Sarbanes/Oxley) at 21%, physical security (e.g., access control, cameras/surveillance, security officers, etc.) at 12%, security program management (e.g., RFID, workplace violence, etc.) at 8%, terrorism at 5%, intellectual property loss at 5% and investigations at 4%.

Methodology:

CSO magazine conducted this online survey between November 11, 2004 and November 29, 2004 among 459 chief security officers and other security executives who subscribe to CSO magazine. An email invitation containing a link to the survey was sent to 15,000 CSO subscribers, receiving 459 completed surveys. Respondents have average company revenues of $8.1 billion, average security budgets of $13.3 million and an average number of 21,327 employees.

CSO subscribers are pre-qualified security executives with security purchasing authority at their organizations. The sample was chosen randomly and each CSO magazine subscriber has an equal probability of being selected. Results have a +/- 4.6% margin of error.

About CSO Magazine

Launched in 2002, CSO magazine, its companion website (www.CSOonline.com) and the CSO Perspectives™ conference provide chief security officers (CSOs) with analysis and insight on security trends and a keen understanding of how to develop successful strategies to secure all business assets—from people to information and financial value to physical infrastructure. The magazine is read by 27,000 security leaders from the private and public sectors. The U.S. edition of the magazine and website are the recipients of 50 awards to date, including the American Society of Business Publication Editor’s Magazine of the Year award as well as five Jesse H. Neal National Business Journalism Awards and Grand Neal runner-up honors two years in a row. Licensed editions of CSO magazine are published in Australia, France and Sweden. The CSO Perspectives™ conference, the first face-to-face conference designed for CSOs and featuring speakers from the national stage and the CSO community, offers educational and networking opportunities for pre-qualified corporate and government security executives. CSO magazine, CSOonline.com and the CSO Perspectives conference are produced by International Data Group’s award-winning business unit: CXO Media Inc.

About CXO Media Inc.

CXO Media Inc. produces award-winning media properties and executive programs for corporate officers who use technology to thrive and prosper in this new era of business, including CIO, CMO, CSO magazines and websites, Darwinmag.com and the CIO Executive Council. CXO Media is a subsidiary of International Data Group (IDG), the world's leading technology media, research and event company. A privately-held company, IDG publishes more than 300 magazines and newspapers including Bio-IT World, CIO, CSO, Computerworld, GamePro, InfoWorld, Network World, and PC World. The company features the largest network of technology-specific websites with more than 400 around the world. IDG is also a leading producer of more than 170 computer-related events worldwide including LinuxWorld Conference & Expo®, Macworld Conference & Expo®, DEMO®, and IDC Directions. IDC provides global market research and advice through offices in 50 countries. Company information is available at http://www.idg.com.

NOTE TO EDITORS: Complete findings from the CSO Magazine Security Sensor™ can be found at http://www.csoonline.com/info/css8_results.pdf. If you report any of the data from this news poll it must be sourced as originating from CSO magazine.

# # #