The ZeuS botnet (a.k.a. Zbot) remains on the loose, stealing usernames and passwords to break into bank accounts. The Stuxnet worm is haunting industrial control systems around the globe--rumored to have been aimed at sabotaging a nuclear reactor. Microsoft (NASDAQ: MSFT), which released a record-breaking number of software patches in one day earlier this month, is trying to shift the security focus to Oracle (NASDAQ: ORCL) by warning of "an unprecedented wave of Java exploitation."

There are enough viruses, worms and other exploits out there to keep a CIO awake all night. But these creepy crawlers aren't the only things causing insomnia among IT executives. When we asked CIOs from a variety of industries to tell us about the scariest things that are on their minds, we got some surprising answers. As it turns out, some of the most frightening prospects out there can come in relatively friendly guises, such as business units, budget writers and even waiters...

Tom Conophy, CIO, InterContinental Hotels Group:

The scary area that's still out there is related to credit card fraud. Our industry is a targeted industry. In hotels, you've got a series of systems, and each hotel selects and puts these systems in themselves. An average hotel has 50 to 60 systems in it. You're a small business owner, you hire your own staff, you have turnover. Somebody helps set up your system, and they put in default passwords for you. The bad guys look for that. 

You see everything from a bad employee in the food and beverage area taking your credit card at the breakfast table--swiping it under their apron on a handheld device---to the more sophisticated fraud, where they go into the point of sales environment and upload a malicious program. You, the merchant, are liable, not IHG. What we're concerned about is that your brand, which is our brand, is now in the news. It's really about brand protection.

The challenge is in how you educate the hotels around point of sales practices. Most hotels don't have technical people on staff. We've been on an education path for the last few years. We provide as much direction as possible from a central point of view. We happen to have a very strong relationship with our owner group. Many of them get it. 

Nicole Brouillard, senior vice president and CIO, Chubb Personal Insurance:

What really keeps me up at night is building a good discipline around project management. I'm in a new role, and one of the reasons I was asked to be in this role was because of a substantial investment in IT. We're making sure that both IT and the business are in that investment together. The challenge is how to structure, build and maintain that partnership. The business alignment is quite strong in the unit I'm in--it's more about the accountability on both sides, as it relates to the investment in IT. There are not a lot of metrics around accountability from the business on that. 

Our program tends to be two or three years for this level of investment, and we're trying to change our mindset to attack projects more gradually, with the highest impact delivered up front. It's more of an incremental approach. We're working with the business on breaking [the project] into chunks that have some benefit and accepting that as not complete today. I think the fear on the business side is out of habit. In the past, when something was delivered, you never really went back and built upon it. They understand it's really just about looking at it differently.

Russ Mayer, vice president and CIO, GE Technology Infrastructure:

It's not the viruses today, it's the much more organized attacks. They're very sophisticated, they're very well-financed, and they're very good at what they do. Traditional methods of security do not stop these folks. That's what scares me for the long term. I spent several months getting a top secret clearance from the government [to work with officials on the problem]. In the short term, it's running into some kind of crazy piece of technology that's so old that nobody knows anything about it anymore. All those grey-haired folks [who understood the older technologies] are long gone. 

Carol Copeland, director of IT, Robins & Morton:

What keeps me up at night? Where do I start? I have more projects than time. Everybody wants something, and everybody feels that what they want is the most important thing out there. How do you determine who has the greatest need? You pretty much have to analyze what the benefit to the company as a whole is going to be. There are quite a few metrics we go by. Time and budget are considerations. Sometimes though, it's as much a gut feeling as anything else. I want [people making requests] to have researched it and looked at the different vendors. They have to have some buy-in into the project. 

Our infrastructure is laid out pretty well, and I'm proud to say we have very little downtime. Our infrastructure pretty much is running itself. I have surrounded myself with very competent network guys, and I'm the one who ends up worrying about whether we're bringing business value to the company. 

Tony Young, CIO, Informatica:

Scariest things? This time of year, it's budgeting. Will I get my budget? For us, this is a brutal time. It's making sure that we are definitely communicating the value of the things we do. 

Related Articles:
Slideshow: 9 Ways Content Management is Going Mobile
SCORECARD: Windows Phone 7 vs. Android 2.2 vs. iOS 4
Slideshow: 10 Indispensable Gadgets for the Enterprise
SOUND OFF: What CIOs should consider before cloud adoption