The explosive growth in online fraud and the impact of tough new US regulations were on the minds of information security executives who gathered in New York this week for the second annual CSO Interchange.
Regulatory compliance was the top concern among attendees, followed by the threats posed by computer worms, viruses and trojans, which executives said were having a financial impact on their companies.
The conference brought together nearly 100 information security experts from a variety of fields, including financial services, healthcare, technology and government.
A survey at the show found that 30% of respondents saw complying with regulations as their top security issue, while 28% listed worms, viruses and trojans as the most important issue, followed by end-user sloppiness, which 10% considered their biggest issue.
80% of those surveyed said that cyber-attacks had a financial impact on their organisations, although most (62%) costed that impact at less than $50,000 (£26,000) a year.
Online fraud was also on the minds of attendees, with 60% concerned or very concerned about the problem.
Rich Baich, chief information security officer at ChoicePoint, which makes identification and credential verification systems, said the growth in online threats demonstrated the need for organisations to have comprehensive security plans in place.
As IT security issues take on more importance, the profile of chief security officers is rising. Almost 70% of those polled at the show said they reported direct to their company's chief executive or chief information officer.
But moving into executive ranks is bringing its own challenges. 69% said their job had become harder or significantly harder in the last year, with many reporting stagnant recruitment and budgets for IT security.
And even when companies do take on more IT security staff, finding skilled candidates is difficult, according to more than 60% of those polled.
Howard Schmidt, the former White House cyber-security adviser who founded the conference, said chief security officers faced organisational challenges, as they shifted from being a “necessary evil” to an integral part of the executive team. Among other things, they needed to delegate more routine IT security tasks, such as anti-virus technology management and security audits, to traditional IT staff, he said.
To make comprehensive plans work in large organisations, Baich advised chief security officers to learn how to get other executives to sign up to the plans, and translate security issues into terms that other business executives could understand, such as creating value and getting a return on investment in security technology.
Paul Roberts writes for IDG News Service