Companies also lack clarity on what constitutes data as sensitive, confidential or public, with only 63 percent of respondents reporting that their organizations have a system for properly classifying data. "The findings suggest many companies are either ineffective in securing the most important data or attempting to secure all data instead of focusing resources on data that presents the greatest risk, if exposed through a breach," said Slemp. However, he added that in a positive development, there was year-over-year growth in the percentage of companies putting into place detailed schemes and policies to classify their data, which is key to understanding and securing an organization's most sensitive information.
CIOs Take a More Strategic Role
Another positive development is that, as data security continues to play a larger role in business operations and the use of so-called big data becomes more integrated with strategic business objectives, CIOs are seeing their responsibilities increase. The survey showed that more CIOs are taking responsibility for data governance strategy, oversight and execution within their organizations. Additionally, companies with documented crisis plans enacted in response to a data breach or hacking incident have now begun to involve their CIOs far more than ever before. In 2012, only 58 percent reported that their CIO was involved in addressing such an incident compared to 72 percent in 2013 (up 14 percent).
"The role of the Chief Information Officer is becoming more prominent in organizations, in part, because of the importance of data, both in terms of advancing the business as well as managing risk," said Slemp. The reality is that as data continues to evolve as a critically important asset, it must be managed differently, and more effectively than other assets."Survey and Benchmarking Tool The second edition of Protiviti's IT Security and Privacy Survey gathered insights from 194 information technology executives and professionals at companies with gross annual revenues ranging from less than $100 million to greater than $20 billion. The survey was conducted in the first and second quarters of 2013. Respondents included CIOs, CSOs, IT directors, managers and IT auditors. The survey is available at: www.protiviti.com/ITsecuritysurvey. IT professionals can also compare their organization's policies and practices to the survey findings online using Protiviti's IT Security Benchmarking Tool ( www.protiviti.com/ITsecuritysurvey). Users can submit responses to questions from the survey about data classification and management, data governance, strategy and policy, and third-party vendor and access management, and then download their results in a personalized report showing how they compare to the companies in Protiviti's survey. Webinar and Podcast Explore Survey Results A complimentary webinar discussing the survey results will be held Tuesday, June 18, 2013, from 10:00 – 11:00 a.m. PDT. Protiviti's Cal Slemp will be joined by fellow Protiviti Managing Director Jeff Sanchez and guest speaker Charly Paelinck, senior vice president and Chief Technology Officer, Caesars Entertainment. To register for the webinar, visit http://www.protiviti.com/webinars. Additionally, a podcast featuring Slemp discussing key trends from the survey results is available at www.protiviti.com/podcasts. About Protiviti Inc. Protiviti ( www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through its network of more than 70 offices in over 20 countries, Protiviti has served more than 35 percent of FORTUNE 1000 ® and FORTUNE Global 500 ® companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half International (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.