"Companies that are good at managing information security risks typically assign responsibility for their security regimes at the highest levels of the organization," the report states.
But many executives, CFOs included, are not as involved as they should be. Researchers from PwC's U.S. Assurance practice found that only 39 percent of 10,000 executives surveyed last year (as opposed to 52 percent in 2009) said they reviewed their security policies annually. That means that many businesses are running the risk of being outsmarted by inventive hackers, who are reviewing their strategies every day.
Perhaps not surprisingly, in a 2011 study of 583 businesses the Ponemon Institute, which specializes in gathering and analyzing information security data, found that 44 percent viewed their IT infrastructure as "relatively insecure."
