Survey: Security a Thought, Not a Focus

Thursday, May 17, 2012 @ 04:05 PM gHale

The energy and utilities industries rank among the lowest when it comes to computer and information security risk management, a new survey said.

This information comes out as Congress considers legislation to mandate cyber security measures in critical industries.

Fed CIO’s say Security Top Concern
Security Awareness: CISO’s Role Changing
Internet Crime: An Upward Spiral
Data Breaches Focus on Money: Study

The survey of 108 global companies also found the financial sector had the best risk management practices, according to the third biennial survey by the Carnegie Mellon University CyLab.

While 91 percent of respondents, which were executive board or senior executive officials, said risk management was actively addressed, only 29 percent said they were paying attention to information technology operations, 33 percent to computer and information security and only 13 percent to management of vendors who provide software and other crucial services, the study found.

The lack of attention paid to security risk management by the energy and utility sectors is interesting since operations and processes fall under the control of information technology systems, the report said.

In a comparison of industries, the study found 57 percent of energy and utility company executives who responded rarely or never reviewed security program assessments. That compares with 17 percent for the financial sector.

John Dickson, a principal at Denim Group and a cyber security expert who works closely with Fortune 500 companies, said the results are consistent with what he has seen in industry.

Although the financial sector generally has better security, he said, the threats those firms face come from criminals based in Eastern Europe. What concerns him are the “nation-state guys” going after the electric and other utilities, who have greater capabilities to disrupt, damage or destroy networks and the information in them, he said.

Leave a Reply

You must be logged in to post a comment.