Security Pros Fear Major CyberattacksSecurity Pros Fear Major Cyberattacks

More than two-thirds of information-security pros say their organizations are at risk for a major cyberattack. Still, 78% of those surveyed by the Information Systems Security Association and the Business Software Alliance say their organizations are prepared to defend against intrusions.

Among other findings in the survey of 1,716 Information Systems Security Association members, released Wednesday at the National Cyber Security Summit, sponsored by the Department of Homeland Security and the high-tech industry:

• 55% say their companies have active information-security-awareness and -training programs for employees, but only 16% note that current training is adequate.

• 61% have formal plans such as documented business-continuity plans covering personnel and facility issues and disaster-recovery plans regarding critical business application and supporting technologies.

• 63% say their companies' top executives receive periodic updates of the status of information security, with 39% saying their organizations treat information security as a matter that requires active participation by senior managers.

At the conference in Santa Clara, Calif., Homeland Security Secretary Tom Ridge said industry's role in cybersecurity is crucial. He noted that 85% of the nation's critical infrastructure, including the cybernetwork that controls it, is owned and operated by the private sector. Ridge called on industry to be vigilant, not only against hackers, but against terrorists as well. "The unfortunate truth is that the number of cybersecurity incidents is on the rise," he said in prepared remarks at the conference. "More than 76,000 occurred in just the first six months of this year. Many of these are the work of hackers. Yet we know the enemies of freedom use the same technology that hackers do, that we do."