"More than most other folks, security executives are attuned to the threat
phishing poses," says Lew McCreary, editor in chief of CSO magazine.  "And
they tend to practice what they preach when it comes to prevention strategies.
They also look for help from industry peers and law enforcement to spread
awareness about any new threat."
    Despite online security threats (like phishing), the CSO Magazine Security
Sensor(TM) survey reveals 79% of CSOs plan to shop online this holiday season.
Of those who do not plan to shop online, 34% say the primary reason is they do
not give out personal/financial information via the web; 22% fear identity
theft and 17% cite insecure systems.  Additionally, when asked which type of
shopping poses the greatest security risk, less than half (46%) of CSOs report
online shopping and one in four (25%) respondents state in-store shopping.

    CSOs on Spyware:
    Although 89% of CSOs are confident their organizations' information
security activities are effective, the majority of CSOs (59%) experienced
system problems due to spyware/adware (i.e., software that covertly gathers
user information via an Internet connection) in the last twelve months; only
27% did not experience problems and 14% are unsure.
    CSOs whose organizations were affected by spyware/adware indicate that, as
a result, the number one problem was system downtime (92%), followed by legal
exposure (11%), loss or damage of internal records (10%) and financial losses
(8%).
    On the topic of spyware legislation in the works, 83% of CSOs believe
regulation to slow the spread of spyware is necessary.

    CSOs on Security Spending:
    When asked to name the number one factor driving security investments in
their organization, almost half of CSOs (45%) answered regulation and
compliance from government, industry or internal mandates.  The second and
third highest scoring factors include self-directed decisions based on needs
assessments (17%) and requirements from board of directors, corporate
management, business units or customers (10%).
    Of note, the risks or risk-related activities that CSOs estimate spending
the most time and resources on in 2005 are information security (e.g.,
cybercrime) at 36%, business ethics compliance (e.g., Sarbanes/Oxley) at 21%,
physical security (e.g., access control, cameras/surveillance, security
officers, etc.) at 12%, security program management (e.g., RFID, workplace
violence, etc.) at 8%, terrorism at 5%, intellectual property loss at 5% and
investigations at 4%.

    Methodology:
    CSO magazine conducted this online survey between November 11, 2004 and
November 29, 2004 among 459 chief security officers and other security
executives who subscribe to CSO magazine.  An email invitation containing a
link to the survey was sent to 15,000 CSO subscribers, receiving 459 completed
surveys.  Respondents have average company revenues of $8.1 billion, average
security budgets of $13.3 million and an average number of 21,327 employees.
    CSO subscribers are pre-qualified security executives with security
purchasing authority at their organizations.  The sample was chosen randomly
and each CSO magazine subscriber has an equal probability of being selected.
Results have a +/- 4.6% margin of error.

    About CSO Magazine
    Launched in 2002, CSO magazine, its companion website
(http://www.CSOonline.com) and the CSO Perspectives(TM) conference provide
chief security officers (CSOs) with analysis and insight on security trends
and a keen understanding of how to develop successful strategies to secure all
business assets-from people to information and financial value to physical
infrastructure.  The magazine is read by 27,000 security leaders from the
private and public sectors.  The U.S. edition of the magazine and website are
the recipients of 50 awards to date, including the American Society of
Business Publication Editor's Magazine of the Year award as well as five Jesse
H. Neal National Business Journalism Awards and Grand Neal runner-up honors
two years in a row.  Licensed editions of CSO magazine are published in
Australia, France and Sweden.  The CSO Perspectives(TM) conference, the first
face-to-face conference designed for CSOs and featuring speakers from the
national stage and the CSO community, offers educational and networking
opportunities for pre-qualified corporate and government security executives.
CSO magazine, CSOonline.com and the CSO Perspectives conference are produced
by International Data Group's award-winning business unit: CXO Media Inc.

    About CXO Media Inc.
    CXO Media Inc. produces award-winning media properties and executive
programs for corporate officers who use technology to thrive and prosper in
this new era of business, including CIO, CMO, CSO magazines and websites,
Darwinmag.com and the CIO Executive Council.  CXO Media is a subsidiary of
International Data Group (IDG), the world's leading technology media, research
and event company.  A privately-held company, IDG publishes more than 300
magazines and newspapers including Bio-IT World, CIO, CSO, Computerworld,
GamePro, InfoWorld, Network World, and PC World.  The company features the
largest network of technology-specific websites with more than 400 around the
world.  IDG is also a leading producer of more than 170 computer-related
events worldwide including LinuxWorld Conference & Expo(R), Macworld
Conference & Expo(R), DEMO(R), and IDC Directions.  IDC provides global market
research and advice through offices in 50 countries. Company information is
available at http://www.idg.com.

    NOTE TO EDITORS: Complete findings from the CSO Magazine Security
Sensor(TM) can be found at http://www.csoonline.com/info/css8_results.pdf.  If
you report any of the data from this news poll it must be sourced as
originating from CSO magazine.

    CONTACT:
     Lori Piscatelli
     508.988.6838 (office)
     774.217.1330 (cell)
     lpiscatelli@cxo.com