As part of our series looking at CIO views on security we are also interested in different country attitudes to IT security. As a global organization with offices worldwide, we know only too well how different nationalities and cultures bring a wealth of opinion, experience and perspectives to the table.
So, let’s take a look at Germany, the land of expert engineering, efficiency and organization. Most of the time. Firstly, over one third of German CIOs questioned consider the CIO responsible for the overall IT security of a company. In second place comes the CEO, but a number of German CIOs also think the CFO has a role to play in securing IT operations within organizations (13% compared to UK CIOs of whom only 3% thought some responsibility lay with their CFOs). I wonder what CFOs think about that!
When you take into account how secure passwords are, it gets even more interesting. We asked whether CIOs think a standard log-in or password is safe enough to access IT networks and business applications and over half of German CIOs responded with a resounding ‘yes’ (53%). Luckily at least one quarter of German CIOs claimed to have strong authentication measures in place, with 22% even planning on implementing two-factor authentication with biometrics.
What truly surprised me, however, was that 37% of German CIOs said they weren’t planning to implement any form of strong authentication measures. Surely, given recent security breaches and the importance of authentication being highlighted frequently in the media, we should expect a higher degree of concern?
This also goes against another question where it was shown that 78 percent of German CIOs believed security was a greater priority than convenience. Surely this means two-factor authentication with soft or hard tokens and/or biometrics should be a priority?
Germany’s economy continues to perform admirably, to the envy of Europe, but what our research shows, however, is that the efficiency for which they are respected still needs to make some headway into embracing stronger security across the enterprise.