sb-eu logo
Story image

Study reveals boardroom to be chink in cybersecurity armour

04 Oct 2017

Leadership and board of director teams are proving to be the weak link in cybersecurity, according to new research from ISACA.

Despite more than 90 percent of surveyed business leaders being in agreement that strong technology governance contributes to improved business outcomes and increased agility, a whopping 69 percent reported that their leadership and board of director teams need to establish a clearer link between business and IT goals.

“The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and IT goals, fully leveraging business technology to improve business outcomes while diligently safeguarding the organisation’s digital assets,” says Matt Loeb, CEO of ISACA.

“The message from our research is clear: there is much work to do in information and technology governance. Committing to a boardroom with technology savvy and experience strongly represented provides the needed foundation for organisations to effectively and securely innovate through technology.”

What is concerning is that only 55 percent of respondents say their leadership team and board are ‘doing everything they can’ to safeguard their organisation’s digital assets and data – 21 percent don’t think they are doing everything they can, while 23 percent don’t know.

In regards to overall governance, cybersecurity policies and defences were cited as the number one corporate governance technological challenge and opportunity faced by leadership teams around the world.

However, only 21 percent of senior leadership and boards are briefed on risk topics at every senior leadership meeting, while only 33 percent of organisations assess risk related to technology use on a monthly or more frequent basis.

What is encouraging, is that many leadership teams are prioritising and increasing funding for cybersecurity and risk management programs.

  • 48 percent will prioritise funding expansion in cyber defence improvements, more than the number that intend to significantly expand funding for digital transformation (33 percent) and cloud (27 percent)
  • 27 percent also intend to fund increases in spending for security consultants, while 25 percent are going to invest in upgrades to network perimeter defences and 17 percent on cyber insurance
  • The majority (64 percent) have already increased spending on risk management in the past year versus last year, while 33 percent intend to increase spending in enterprise risk management programs over the next 12 months.

The leadership teams are also well aware of internal cyber threats, with 61 percent saying the board or senior leadership team believes there is heightened risk from both internal and external threats.

However, despite all this positive news in terms of awareness, most organisations have no plans to increase funding for training over the next year, with 35 percent intending to invest in data security training for employees, 15 percent on cybersecurity training for board members, and 21 percent on employee privacy training.

And GDPR remains a problem for all, with just 32 percent satisfied with the progress they’ve made to prepare for the upcoming regulations. 35 percent are unsure about their progress, while 40 percent are taking a wait-and-see attitude to see how GDPR will impact their organisation.

Finally, respondents were asked to name organisations whose boards they believe to be doing an exemplary job of business technology governance. Of the more than 150 companies noted, Microsoft, Google and IBM were most often cited as leading by example.

Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
BT Security shakes up roster of vendors after 'largest ever' partner review
BT says the decision to review their security partner base was driven by the recognition that many customers find it difficult to navigate today’s complex security landscape, as well as customers’ desire to have a ‘leaner set of partners’.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Radware issues security alert, warning of global rise of DDoS-for-hire
Efforts from corporations, law enforcement and independent researchers around the world have attempted in the last two years to curb this growth – but the industry keeps growing says Radware information security researcher Daniel Smith.More
Story image
COVID-19 related email threats pose huge risk in 2020
According to the company’s annual mid-year roundup report, Trend Micro blocked 8.8 million COVID-19 related threats, nearly 92% of which were email-based.More