One of the biggest obstacles to improving information security within an organisation is the business executives, with the CIO being a big part of the problem, PwC's Global State of Information Security 2014 report has revealed.
PwC’s survey of more than 9,600 senior leaders from across 115 countries found 18 per cent of Asia Pacific respondents see the CIO to be a hindrance when taking action to improve the effectiveness of information security within their organisations, 2 per cent above the global average.
The CIO is nearly as big an impediment to this as insufficient capital expenditures (almost 22 per cent), and a greater hindrance than insufficient operating expenditures (15.5 per cent) in the region.
The survey found that the CFO mostly considers the CIO to be a hindrance, with a lack of dialogue between the two causing this issue.
Others from the senior leadership team were not off the hook as 25 per cent of Asia Pacific respondents pointed the finger at the CEO, president or board of their company for being a hindrance to improving information security. Nineteen per cent pointed the finger at CSO or CISO.
While senior business leaders point at each other, the survey also found a lack of actionable vision or understanding of how future business needs impact information security to be an obstacle for almost 30 per cent of Asian Pacific respondents. Lack of information security strategy was noted by about 28.5 per cent.
Globally, 23.5 per cent said a lack of actionable vision was a problem, with 22 per cent citing lack of information security strategy.
“It is troubling that deeply fundamental issues such as the understanding and alignment of security with future business needs and the efficacy of security strategies are among top concerns.
"Respondents are also very likely to point to executive leadership, the CEO in particular, as a top impediment to improved security,” read PwC’s report of the survey.
Another factor contributing to the problem is 19.4 per cent of Asia Pacific respondents said their organisation does not have a senior executive who proactively communicates the importance of information security to the rest of the organisation, 5 per cent above the global average.
Despite the lack of vision and collaboration internally, almost 59 per cent of Asian Pacific respondents said their organisation collaborates with others in their industry to improve security and reduce risk, 9 per cent above the global average.
Follow Rebecca Merrett on Twitter: @Rebecca_Merrett
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.