
What We have here is, Failure to Communicate

July 14, 2009

Privacy pro: Do you ever feel like you are working overtime to meet overly ambitious expectations? Are you frustrated by your attempts to outline a plan for protecting sensitive personal information only to get the sense that you are talking to a brick wall? 

CEO: Are you puzzled as to why the people your company has hired to address security and privacy concerns never seem to meet the objectives you have for them? Are you flummoxed by the fact that the investments you’ve made in data security aren’t helping to stem the tide of data loss?

For a long time we’ve known that there’s been something of a disconnect between the C-suite and the front lines of security and privacy. Call it an educated gut sense, gained from reading between the lines of our many privacy and security studies – and reading between the lines on the faces of our friends and colleagues.

We recently completed a study meant to identify that very situation and, to no one’s surprise, found that there is a significant gap between the perceptions and expectations of the folks occupying the corner office and those who are tasked with conceiving of and carrying out privacy and data security orders.

The findings include some stunning gaps between what CEOs believe to be among the most important security and privacy priorities and what C-level security and privacy executives believe those priorities to be. For example:

· 100 percent of CEOs said reducing security flaws within business-critical applications was important or very important, but only 65 percent of C-level privacy and security executives agreed.
· 93 percent of CEOs said identifying and responding to a data breach was important or very important, but only 58 percent of C-level privacy and security executives agreed.
· 87 percent of CEOs said protecting confidential information shared with vendors, business partners, and other third parties was important or very important, but only 48 percent of C-level privacy and security executives agreed.

The famous line from Cool Hand Luke seems to apply: “What we have here is, failure to communicate.”

Let us know your thoughts on this troubling finding, and what strategies security and privacy pros might use to overcome this gap and bring their departments into harmony with the corner office.

(If you are interested in downloading a copy of the study, you can do so by visiting Ounce Labs, whose generous underwriting made this research possible.)

Posted by Larry Ponemon at 3:38 pm

