IT Governance surveyed 260 board level individuals across a variety of industries and countries to establish perceptions and knowledge of their organisations IT Security position.

The findings of the survey are below:

Do you believe the greatest threat to your company’s data and IT systems results from:

• Criminals           26.9%
• Competitors      7.7%    
• State -sponsored cyber-attacks 11.9%
• Your own employees     53.5%

Has your business received a concerted cyber-attack in the past 12 months?

• Yes      25%
• No        54.2%
• Do not know     20.8%

Does your organisation have any method of detecting and reporting cyber-attacks or cyber-incidents?

• Yes      76.9%
• No        16.5%
• Do not know     6.5%

Do your company’s board directors receive regular reports on the status of your company’s IT security?

• Yes      58.1%
• No        29.6%
• Do not know     12.3%

If yes, are these reports received:

• Daily     4.6%
• Weekly 10.8%
• Monthly            32.7%
• Annually            17.3%
• Less than annually         34.6%

My knowledge of IT governance is adequate given today’s cyber threats.

• Agree   69.6%
• Disagree           30.4%

For our size of business, we are making the right level of investment in information security.

• Agree   57.3%
• Disagree           30.8%
• Do not know     11.9%

I have lost sleep in the past 12 months because of worries about my company’s IT security.

• Agree   25.8%
• Disagree           4.2%

Do your customers prefer to deal with suppliers with proven IT security credentials?

• Yes      74.2%
• No        7.3%
• Do not know     18.5%

Have any of your customers enquired about your company’s IT security measures in the past 12 months?

• Yes      50.4%
• No        34.6%
• Do not know     15%

Do you know what ISO 27001 is?

• Yes      87.3%
• No        9.2%
• Unsure  3.5%

Is your business compliant with ISO 27001?

• Yes      34.6%
• No        45.8%
• Unsure  19.6%

The survey can be found here.