Story image

Study reveals boardroom to be chink in cybersecurity armour

04 Oct 2017

Leadership and board of director teams are proving to be the weak link in cybersecurity, according to new research from ISACA.

Despite more than 90 percent of surveyed business leaders being in agreement that strong technology governance contributes to improved business outcomes and increased agility, a whopping 69 percent reported that their leadership and board of director teams need to establish a clearer link between business and IT goals.

“The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and IT goals, fully leveraging business technology to improve business outcomes while diligently safeguarding the organisation’s digital assets,” says Matt Loeb, CEO of ISACA.

“The message from our research is clear: there is much work to do in information and technology governance. Committing to a boardroom with technology savvy and experience strongly represented provides the needed foundation for organisations to effectively and securely innovate through technology.”

What is concerning is that only 55 percent of respondents say their leadership team and board are ‘doing everything they can’ to safeguard their organisation’s digital assets and data – 21 percent don’t think they are doing everything they can, while 23 percent don’t know.

In regards to overall governance, cybersecurity policies and defences were cited as the number one corporate governance technological challenge and opportunity faced by leadership teams around the world.

However, only 21 percent of senior leadership and boards are briefed on risk topics at every senior leadership meeting, while only 33 percent of organisations assess risk related to technology use on a monthly or more frequent basis.

What is encouraging, is that many leadership teams are prioritising and increasing funding for cybersecurity and risk management programs.

  • 48 percent will prioritise funding expansion in cyber defence improvements, more than the number that intend to significantly expand funding for digital transformation (33 percent) and cloud (27 percent)
  • 27 percent also intend to fund increases in spending for security consultants, while 25 percent are going to invest in upgrades to network perimeter defences and 17 percent on cyber insurance
  • The majority (64 percent) have already increased spending on risk management in the past year versus last year, while 33 percent intend to increase spending in enterprise risk management programs over the next 12 months.

The leadership teams are also well aware of internal cyber threats, with 61 percent saying the board or senior leadership team believes there is heightened risk from both internal and external threats.

However, despite all this positive news in terms of awareness, most organisations have no plans to increase funding for training over the next year, with 35 percent intending to invest in data security training for employees, 15 percent on cybersecurity training for board members, and 21 percent on employee privacy training.

And GDPR remains a problem for all, with just 32 percent satisfied with the progress they’ve made to prepare for the upcoming regulations. 35 percent are unsure about their progress, while 40 percent are taking a wait-and-see attitude to see how GDPR will impact their organisation.

Finally, respondents were asked to name organisations whose boards they believe to be doing an exemplary job of business technology governance. Of the more than 150 companies noted, Microsoft, Google and IBM were most often cited as leading by example.

Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.