Nation’s Chief Security Officers Without Plans For Unconventional Terrorist Attacks

Framingham, MA—June 9, 2004— A new survey of 476 chief security officers (CSOs) and senior security executives conducted by IDG’s CSO magazine reveals three out of five (60%) CSOs believe a terrorist attack is likely to occur on either or both of the upcoming national political conventions in Boston and New York City. Only 35% believe an attack is unlikely. The CSO Magazine Security Sensor™ survey also uncovers that while 63% of CSOs report their organizations have contingency plans for conventional terrorist attacks (e.g., bombing, hostage-taking, etc.), 61% do not have plans for unconventional terrorist attacks (e.g., weapons of mass destruction, nuclear, chemical, biological). Most organizations, however, have contingency plans for natural disasters (94%), cyber attacks (86%) and employee/former employee violence (80%).

“There seems to be a gap between CSOs’ preparations for conventional versus unconventional attacks,” says Lew McCreary, Editor in Chief of CSO magazine. “In today's society, CSOs could face anything from cyber attacks to employee shootings. CSOs need to be creative in developing workable contingency plans that counter the unexpected as well as the expected. Unfortunately, past experience isn't always a reliable model for future risks.”

CSOs’ Views on U.S. Government:

Although respondents indicate the likelihood of a terrorist attack at the upcoming political conventions, 88% of CSOs give the Bush Administration a passing grade for measures taken to protect the U.S. from terrorist attacks following 9/11. Also, when asked about which presidential candidate they have the most confidence in for protecting the U.S. from further terrorist attacks, 54% indicate President Bush, 13% indicate Massachusetts Senator John Kerry, and 21% indicate neither candidate.

With regard to the USA Patriot Act, passed by Congress in 2001, only 16% of CSOs believe it was appropriately written. Forty-three percent (43%) report it should be amended to strike a balance between protecting the homeland and preserving civil liberties, while 19% contend that it needs to be strengthened to give government and law enforcement greater power to protect Americans from terrorism. Only 9% indicate it violates too many civil liberties and should be repealed in its entirety.

Additionally, when it comes to confidence in which government branch or department can best protect the U.S. from terrorist attacks, the results are divided. Seventeen percent (17%) of CSOs express the most confidence in Department of Defense, followed by the Department of Homeland Security (15%) and Federal Bureau of Investigations (11%). While none of the respondents identify Congress as the branch they have the most confidence in, 20% indicate the same level of confidence for all the branches

and departments.

CSOs on What Drives Security Spending:

CSOs report security investments are driven by a number of factors. While they find shoring up their network systems from electronic crime important, it is not what is driving investments. The poll reveals the majority of investment decisions are driven by issues related to regulatory compliance (49%). Only 11% of CSOs report risk of theft of intellectual property or proprietary information as the primary factor driving security investments. Interestingly, maintaining customer confidence (15%) and risk of financial loss (8%) rank lower than regulatory demands on the list of investment priorities for these security executives.

On average, the security professionals polled estimate a total annual security budget of $16.6 million. Over the past nine months, this number has remained consistent with previous CSO Magazine Security Sensor findings. These budgets include both IT security and corporate/physical security.

CSOs on Managing Access:

Despite indicating that the theft of intellectual property or proprietary information is not a key driver for investing in security, CSOs find it to be a major area of concern. Fifty-six percent (56%) of CSOs believe that managing access to critical documents and corporate information (e.g., confidential financials, proprietary strategic data, etc.) within their organizations is “extremely important” with 35% rating it as “very important.” However, 27% say it is unlikely their organization will implement an enterprise-wide solution to mitigate the risk. Fifteen percent (15%) of respondents report a loss or unauthorized duplication of critical documents or corporate information in the past 12 months, while 24% are unsure whether their organization has suffered such losses.

CSOs also report taking great measures to safeguard the critical data in their networks. For example, when employees leave their organizations, most CSOs (74%) report they block access to the network (i.e., email, etc.) and all of its critical documents and proprietary information within the same business day; 39% do so within one hour or less. Similarly, 81% block physical access to the organization (i.e., passcards, locked areas, etc.) within the same business day, with 47% locking the doors within one hour or less.


CSO magazine conducted this online survey between April 27, 2004 and May 18, 2004 among 476 chief security officers and other security executives who subscribe to CSO magazine. An email invitation containing a link to the survey was sent to 20,000 CSO subscribers, receiving 476 completed surveys. Respondents have average company revenues of $7.0 billion, average security budgets of $16.6 million and an average number of employees of 20,030.

CSO subscribers are pre-qualified security executives with security purchasing authority at their organizations. The sample was chosen randomly and each CSO magazine subscriber had an equal probability of being selected. Results have a 4.5% margin of error.

About CSO Magazine

Launched in September 2002, CSO magazine provides chief security officers with high-level information, best practices and strategic insight, helping them balance the safety of their enterprise with the pursuit of business opportunity. In its first two years of publication, CSO has been embraced by high-level security executives in the government and private sectors and has been recognized by prestigious awards judges for its editorial and design excellence. The magazine and its companion website,, have received 51 awards to date, including five Jesse H. Neal National Business Journalism Awards (often referred to as the Pulitzer Prize of publishing) and Grand Neal runner-up honors two years in a row.

About CXO Media Inc.

CSO magazine is published by CXO Media Inc., a company that serves CIOs, CEOs, CFOs, COOs and other corporate officers who use technology to thrive and prosper in this new era of business. The company strives to enhance partnerships between C-level executives, as well as create opportunities for information technology (IT) and consumer marketers to reach them. In addition to publishing CSO, CXO Media publishes CIO magazine,, The CIO Insider,,, and forthcoming CMO magazine and The company also produces Executive Programs, a series of conferences that provide educational and networking opportunities for corporate and government leaders.

CXO Media is a subsidiary of International Data Group (IDG), the world's leading technology media, research and conference company. A privately-held company, IDG publishes more than 300 magazines and newspapers including Bio-IT World, CIO, CSO, Computerworld, GamePro, InfoWorld, Network World, and PC World. The company features the largest network of technology-specific Web sites with more than 400 around the world. IDG is also a leading producer of more than 170 computer-related events worldwide including LinuxWorld Conference & Expo®, Macworld Conference & Expo®, DEMO®, and IDC Directions. IDC provides global market research and advice through offices in 50 countries. Company information is available at

NOTE TO EDITORS: Complete findings from the CSO Magazine Security Sensor survey can be found at If you report any of the data from the survey, the data must be sourced as CSO Magazine Security Sensor™.