Research Methodology

    To gather data for this report, ESG conducted a comprehensive online survey of IT and information security professionals from private- and public-sector industries designated by the U.S. Department of Homeland Security (DHS) as Critical Infrastructure and Key Resources (CIKR) in the United States between February 2, 2015 and February 11, 2015. To qualify for this survey, respondents were required to be familiar with/responsible for their organization’s information security policies and procedures, especially with respect to the procurement of IT products and services. Respondents also had to be familiar with the cyber supply chain risk management model. All respondents were provided an incentive to complete the survey in the form of cash awards and/or cash equivalents.

    After filtering out unqualified respondents, removing duplicate responses, and screening the remaining completed responses (on a number of criteria) for data integrity, we were left with a final total sample of 303 IT and information security professionals.

    Please see the Respondent Demographics section of this report for more information on these respondents.

    Note: Totals in figures and tables throughout this report may not add up to 100% due to rounding.