Chief financial officers continue to rank information security as their top priority as compliance auditors and the fear of public humiliation over data leaks drive new levels of IT security scrutiny, according to a new survey.
The study, conducted by IT services giant Computer Sciences in collaboration with FERF (Financial Executives Research Foundation), FEI (Financial Executives International) and the CFIT (Committee on Finance & Information Technology), also concludes that despite the fretting over potential fines or data losses, many enterprises do not have adequate plans in place to protect their information.
According to the survey, which is in its eighth year and based on responses garnered from roughly 700 financial executives, only 20 percent of those interviewed by CSC said they feel "highly satisfied" with their security policies and infrastructure.
Roughly 10 percent of the executives said their company has already experienced a major business interruption as a result of cyber-attacks.
"Information security persists as an area of significant concern for financial officers due to the growing number of audits evaluating security measures, the frequency of security breaches and broad press coverage of those breaches," Jerry Boltin, practice leader of CSC's Business Intelligence Consulting Group, wrote in the report.
"This is not a surprise when one considers the potential for negative market consequences if confidential information is compromised."
Surprisingly, even though survey respondents expressed widespread concern over security, a majority (60 percent) said that their companies, and this includes large enterprises, do not have a strategic IT security plan in place.
CSC said that among organizations with more than $5 billion in revenue, only 63 percent of those interviewed reported having a formal plan.
Experts said that the results are puzzling given the widespread spending on security technologies that has been tracked over the last several years.
"As we've said in previous survey reports, this is paradoxical given the size of the IT investments and the potential consequences of these decisions," Taylor Hawes, chairman of CFIT, said in the report.
But Hawes added that the inconsistent results may help explain the variability in return on IT investment and project success rates.
"This year a number of respondents reported success rates in excess of 90 percent, while another significant group reported success rates of less than 30 percent."
Beyond security, the executives responding to the study said they are most frustrated by a lack of budget to spend on analytical technologies that could improve their businesses' overall performance and please shareholders.
More criminals are blending IT threats. Click here to read more.
Echoing results of the 2005 iteration of the CFO report, roughly 8 percent of respondents said they had improved their ability to employ such tools over the previous twelve months.
CSC, based in El Segundo, Calif., contends that those organizations that are actually upgrading their analytical and decision-support capabilities are focused primarily on projects that work to increase the accuracy of business planning, measure company performance and improve budgeting capabilities.
The study also found that most forms of business outsourcing are expected to grow over the next year, with offloading of payroll services and IT operations ranked by CFOs as their leading plans.
Some 57 percent of those surveyed said they plan to pursue payroll outsourcing strategies, with 27 percent citing plans to delegate some IT work to outside firms.
Also mirroring results from the 2005 version of the report, CFOs indicated that the top three areas of deficiency for their respective companies were project management, understanding the business-IT relationship and communication.
About one out of three IT projects is considered less than successful by senior management officials, and that is a direct result of those deficiencies, wrote CSC's Boltin.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.
Channel News and Analysis 
