Data Security Gives IT Professionals Insomnia

Fraud is a fact of corporate life today, as the latest Kroll Global Fraud report notes, somewhat ominously, in its opening pages.
The average company's losses to fraud increased by 22 percent since last year, and the average business lost US$8.2 million to fraud during the past three years (last year's figure was $7.6 million).
Those sobering statistics are from a recent survey of 890 senior executives worldwide, commissioned by risk consultancy Kroll.
So what's keeping executives up at nights, besides the slumping economy and financial crises?
The survey found that information theft, loss or attack is the type of fraud that most worried the respondents, with 25 percent feeling highly vulnerable and 47 percent feeling moderately so. That data shows why: The fastest growing types of fraud are information theft (27 percent; up from 22 percent last year) and regulatory and compliance breaches (25 percent; up from 19 percent). (See "My Company Has Had a Data Breach. What Do I Do?" for tips on how to handle it quickly and effectively.)
What's interesting, however, is that while senior management may say they have deep concerns about fraud, they also may have some blinders on-and they wind up underestimating the exposure their businesses actually face today.
"The survey data suggests that those who know more about technology and how it is used day to day in a company have a greater concern," notes the report.
In fact, employees working below the C-suite who are closer to an organization's technology efforts and systems are over one and a half times more likely than those at the corporate level to see their companies as highly vulnerable (31 percent versus 19 percent), according to the report.
Further bolstering IT's view into possible threats, the survey found that chief technology officers have "opinions closer to those of less senior employees than to those of their C-suite colleagues," states the report. Twenty-five percent see their businesses as highly vulnerable, whereas only 18 percent of other corporate peers do.
"If senior executives are not worried about their vulnerability to information theft, they should check whether their sense of safety is based on a thorough understanding of the security deployed by the company, or ignorance of the full extent of threat," notes the survey report. "In this case, too little knowledge could be a dangerous thing."