More than half of Fortune 1000 companies lack a full-time chief information security officer, only 38% have a chief security officer, and just 20% have a chief privacy officer. As a result, a majority of companies are failing to adequately assess and manage the risks that information security and privacy issues pose to their business.
Those findings come from "Governance of Enterprise Security," a new study released yesterday by Carnegie Mellon University's CyLab. The report is based on a survey of 66 board directors or senior executives who work at Fortune 1000 companies. Nearly half of respondents work at critical infrastructure companies. CyLab conducted a similar survey in 2008. (more)
If your business does not have a C-level IP warden in the watchtower, at least engage a good counterespionage consultant. You can find one here, or at one of the several URLs that host Kevin's Security Scrapbook.