Security Is Growing As A Senior-Management PrioritySecurity Is Growing As A Senior-Management Priority

Security is increasingly a senior-management priority, according to a study released this week by the Business Software Alliance and the Information Systems Security Association.

"Three quarters of those surveyed said that their companies were raising security as a priority because it made them more efficient," says Robert Holleyman, BSA's president and CEO.

The Information Security Survey, based on interviews with 850 members of the Information Systems Security Association, was conducted by research firm Penn, Schoen & Berland Associates Inc.

The report finds that a growing number of companies are raising security to the senior-management level, with 44% of companies having done so in February 2005 compared with 39% doing so in October 2003. "Awareness and action are replacing fear in how security executives are responding to cyberattacks," Holleyman says.

"We've been talking for quite some time about making privacy and security a part of our corporate culture," says Daniel Caprio, chief privacy officer and U.S. deputy assistant secretary for technology policy at the U.S. Department of Commerce. "The increased levels of awareness that we're finding in this survey show that we're making progress."

The numbers, he says, are encouraging: 78% of organizations now have a formal information-security program; 90% of companies have an information-security officer; 55% of companies have a chief privacy officer.

Says Caprio, "As companies create a CISO or CPO and empower that individual, and make that person part of senior management, then budget and resources follow."