Nearly two-thirds of security executives said they have no way to prevent a data breach, while most respondents said their organizations lack the accountability and resources necessary to enforce data security policy compliance, according to the Elk Rapids, Mich.-based think tank. The study, conducted in June and July, was sponsored by Palo Alto, Calif.-based security firm PortAuthority Technologies Inc.
According to the Ponemon Institute's final report on the survey:
Ponemon said the findings suggest IT pros are between a rock and a hard place because they're shouldering the lion's share of responsibility for preventing breaches but don't have the resources to be 100% effective.
"There's a lot of frustration at the CIO level, because there's a feeling that the responsibilities should be shared across the management structure more than they are," he said. "They're also concerned about their ability to enforce security policies. Even when someone finds the culprit behind a breach, policies aren't enforced and mistakes are repeated in terms of what users do in their computing habits."
But Ponemon said respondents don't see their situation as hopeless.
"A lot of these people feel their current problem is a resource issue, but that technology can help them solve some of the problems," he said.
Raj Dhingra, PortAuthority Technologies' vice president of products and marketing, said his company sponsored the study because it wanted to pinpoint the root causes of corporate data breaches. "We feel this study helps bring greater understanding of these issues, while validating that the industry requires much more than just monitoring of information leaks, but automated enforcement to best prevent information leaks," he said.