Report: Data Protection Weighs Heavy on IT Execs' Minds

Fraud is a fact of corporate life today, as the latest Kroll Global Fraud report notes, somewhat ominously, in its opening pages.

The average company's losses to fraud increased by 22 per cent since last year, and the average business lost US$8.2 million to fraud during the past three years (last year's figure was US$7.6 million).

Those sobering statistics are from a recent survey of 890 senior executives worldwide, commissioned by risk consultancy Kroll.

So what's keeping executives up at nights, besides the slumping economy and financial crises?

The survey found that information theft, loss or attack is the type of fraud that most worried the respondents, with 25 per cent feeling highly vulnerable and 47 per cent feeling moderately so. That data shows why: The fastest growing types of fraud are information theft (27 per cent; up from 22 per cent last year) and regulatory and compliance breaches (25 per cent; up from 19 per cent).

What's interesting, however, is that while senior management may say they have deep concerns about fraud, they also may have some blinders on-and they wind up underestimating the exposure their businesses actually face today.

"The survey data suggests that those who know more about technology and how it is used day to day in a company have a greater concern," notes the report.

In fact, employees working below the C-suite who are closer to an organization's technology efforts and systems are over one and a half times more likely than those at the corporate level to see their companies as highly vulnerable (31 per cent versus 19 per cent), according to the report.

Further bolstering IT's view into possible threats, the survey found that chief technology officers have "opinions closer to those of less senior employees than to those of their C-suite colleagues," states the report. Twenty-five per cent see their businesses as highly vulnerable, whereas only 18 per cent of other corporate peers do.

"If senior executives are not worried about their vulnerability to information theft, they should check whether their sense of safety is based on a thorough understanding of the security deployed by the company, or ignorance of the full extent of threat," notes the survey report. "In this case, too little knowledge could be a dangerous thing."