The German survey — reported on by GigaOm — should be a wakeup call for Amazon and other cloud service providers. Expect to see other European and Asian countries reflect a similar disenchantment.

In the earlier survey, PwC was gentle in debunking the CEOs' confidence. They asked questions to further define security leaders, as opposed to the delusional, on the following criteria:

Have an overall information security policy





Employ a chief information security officer or equivalent that reports to top leadership





Have measured and review the effectiveness of their security measures within the past year





Understand exactly what type of security events have occurred in the past year

After applying these criteria, PwC found that only 17 percent of all survey respondents are ahead of the game.

Another interesting wrinkle: the companies that identify themselves as front runners spend almost as much as firms who, by their own admission, are the least prepared to run an effective security program. Maybe those security programs aren't cost-effective.

The Storage Bits take

This week's Great Debate asked if companies should take NSA spying into account in their cloud buying. In arguing yes, I made the point that cloud service providers owe their customers the best possible security — including against NSA spying — because even NSA analysts can be corrupted.

Now it is clear, if unsurprising, that cloud service providers must also take security much more seriously than they have in the past. The US won't always be the world's largest IT market and even now its global market share is shrinking. American companies need to up their game to remain leaders.

Comments welcome, of course. How does your company rate on the PwC criteria? How complacent is senior management?