Story image

Study reveals boardroom to be chink in cybersecurity armour

04 Oct 17

Leadership and board of director teams are proving to be the weak link in cybersecurity, according to new research from ISACA.

Despite more than 90 percent of surveyed business leaders being in agreement that strong technology governance contributes to improved business outcomes and increased agility, a whopping 69 percent reported that their leadership and board of director teams need to establish a clearer link between business and IT goals.

“The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and IT goals, fully leveraging business technology to improve business outcomes while diligently safeguarding the organisation’s digital assets,” says Matt Loeb, CEO of ISACA.

“The message from our research is clear: there is much work to do in information and technology governance. Committing to a boardroom with technology savvy and experience strongly represented provides the needed foundation for organisations to effectively and securely innovate through technology.”

What is concerning is that only 55 percent of respondents say their leadership team and board are ‘doing everything they can’ to safeguard their organisation’s digital assets and data – 21 percent don’t think they are doing everything they can, while 23 percent don’t know.

In regards to overall governance, cybersecurity policies and defences were cited as the number one corporate governance technological challenge and opportunity faced by leadership teams around the world.

However, only 21 percent of senior leadership and boards are briefed on risk topics at every senior leadership meeting, while only 33 percent of organisations assess risk related to technology use on a monthly or more frequent basis.

What is encouraging, is that many leadership teams are prioritising and increasing funding for cybersecurity and risk management programs.

  • 48 percent will prioritise funding expansion in cyber defence improvements, more than the number that intend to significantly expand funding for digital transformation (33 percent) and cloud (27 percent)
  • 27 percent also intend to fund increases in spending for security consultants, while 25 percent are going to invest in upgrades to network perimeter defences and 17 percent on cyber insurance
  • The majority (64 percent) have already increased spending on risk management in the past year versus last year, while 33 percent intend to increase spending in enterprise risk management programs over the next 12 months.

The leadership teams are also well aware of internal cyber threats, with 61 percent saying the board or senior leadership team believes there is heightened risk from both internal and external threats.

However, despite all this positive news in terms of awareness, most organisations have no plans to increase funding for training over the next year, with 35 percent intending to invest in data security training for employees, 15 percent on cybersecurity training for board members, and 21 percent on employee privacy training.

And GDPR remains a problem for all, with just 32 percent satisfied with the progress they’ve made to prepare for the upcoming regulations. 35 percent are unsure about their progress, while 40 percent are taking a wait-and-see attitude to see how GDPR will impact their organisation.

Finally, respondents were asked to name organisations whose boards they believe to be doing an exemplary job of business technology governance. Of the more than 150 companies noted, Microsoft, Google and IBM were most often cited as leading by example.

Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.