Canadian CEOs Acknowledge Own Networks At Risk But Say Preventing Against Threat Not A Priority

Tuesday September 24, 2002

Toronto, ONTARIO � According to a new Ipsos-Reid survey conducted on behalf of IBM Canada, protecting their corporate data and computer networks from a malicious attack is a secondary consideration for the CEOs of most mid-sized Canadian companies, even though only one in three (30%) feel their security measures are �very effective.�

Four in ten (42%) of the surveyed CEOs said protecting their companies from attacks was only a moderate priority, and another 19 per cent said it was not a priority at all, despite the fact that almost half (45%) the companies surveyed had been hit by a computer virus within the last year.

These are the findings of an Ipsos-Reid poll conducted between July 29th and September 13th, 2002. The poll is based on a randomly selected sample of 250 CEOs of mid-sized Canadian companies, defined as having between 100 and 500 employees. With a sample of this size, the results are considered accurate to within �6.2 percentage points, 19 times out of 20, of what they would have been had all CEOs of Canadian mid-sized companies been polled. The margin of error will be larger within regions and for other sub-groupings of the survey population.

Key findings from the survey indicate that�

While Protecting the Company from Malicious Attacks is a Low Business Priority, it is a High IT Priority

  • Three-in-four (75%) CEOs say that protecting the company�s IT systems and the information they contain is a major IT priority.
  • Ensuring the continuity of operations in case of a security breach is deemed a major IT priority by 66% of CEOs.

Almost Half (45%) Report Being Hit By a Virus in the Past Year

  • Just under half of CEOs (45%) state that their company has been inflicted by a computer virus in the past year, making computer viruses the most prolific type of security breach.
  • Twenty-two percent report that they have had computers stolen in the past year, with 20% saying they�ve been hit by outside hacker attacks.
  • The incidence of security breaches is higher among larger mid-sized companies (those with more than 50 computers).

Only Half (51%) Are Using An Outside Independent Consultant for IT Security Assessments

  • Half (51%) of CEOs report that they are using outside independent consultants for IT security assessments.
  • Of those who do use outside consultants, 64% of CEOs report that they personally review the IT security assessments. This is equivalent to 27% of all respondents.

Antivirus Software (98%) and Firewalls (85%) are Popular Security Measures, While Policies on Acceptable use of Computers are Most Popular Policies (80%)

  • Almost all medium-sized companies have anti-virus software in place (98%), with the incidence of firewalls (85%) also high. More than half use centralized single sign-on and access control software (68%) and intrusion detection systems (60%).
  • Only 22% report using authentication devices.
  • Among security policies, policies on acceptable use of computers are most popular (in place in four-of-five (80%) companies), with policies on security and access to computers just behind (79%). Two-in-three (68%) report that in their company, passwords are changed regularly according to strong policy.