It’s been a little over a month since we introduced the K logix Data Security Quadrant. The initial stats and trends coming out of the Quadrant speak as much to the psyche of security professionals as they do to the state of our data security today.

What’s the most interesting thing to come out of the Quadrant so far? Lack of executive involvement in data security.

• Only 18% of companies feel their Data Security Program is “Prepared” - 72% of our respondents feel the program they are in charge of (data security) does not measure up to the myriad of potential threats it faces. We do not require our respondents to explain why they feel this way, but one commenter placed in the “Exposed” Quadrant sums up what we hear from many of our clients, “Our executive team does not put much of an emphasis on security. Hard to make a budget case. Maybe an exposure is what we need?”

The fact of the matter is most security professionals know what they need to do to improve their security program – get executives to understand the value of their data, and make security a priority. But as of today, few executives understand why data security matters. That’s because we’ve done a poor job attributing data protection to revenue. For a closer look at how to tie data protection to revenue, read Kevin Pouche’s post “It’s time to be fanatical” or Kevin West’s post on “The Corrective Lens.”

• Almost a Third of Respondents Classify Their Organizations as “Technology Driven” - In placing themselves in the upper left hand corner of our Quadrant, these Technology-Driven organizations, which account for nearly 30% of respondents, are favoring technology over policy and procedure. Effective policy and procedure requires truly understanding data - where it lives, who accesses it and where it moves. For technology to be effective, it needs to be implemented in support of policies. Our DLP-vendor partners will tell you that the best technology, without process and policy, will not prevent data loss.

Importantly, these tech-exclusive security efforts do a disservice to overall security efforts because they further advance the notion many executives have that IT security is a cost-center. A data breach after a significant investment in technology that is supposed to prevent it is very damaging to an executive’s willingness to support security efforts.

Is your organization Technology Driven too? How does this impact your executive’s view of data security? Mark your spot in the Quadrant today!