Business leaders acknowledge lacking necessary resources amid the growing threat of Cyber attacks.
The Cyber threat is real and business leaders know it, but how can they respond to it?
According to research* from Nominet, business leaders have admitted to knowledge gaps and a lack of resources amid the growing threat of Cyber-attacks.
The survey has revealed that the attitude of enterprise boards towards Cyber security is fraught with disagreements and discrepancies about who is actually in charge of responding to a breach.
More than three-quarters (76%) of c-level executives say that a Cyber security breach is inevitable. The threat to businesses in every sector is now at a critical level.
To compound the problem, the majority (90%) of respondents believe their company is missing at least one resource that would help them defend against a severe Cyber-attack, with the most common missing component being advanced technology (59%).
But this is not the only problem. There are more human factors at play, with senior management reluctant to accept advice (46%), a lack of budget (44%) and a lack of people resources (41%) all issues facing organisations. All three of these are considered to be major components of a secure and effective Cyber security strategy. One-third (33%) of the c-suite said that they would terminate the contract of an employee who caused a data breach.
Who rules the roost?
With the stakes incredibly high (financial and reputational damage, and potential redundancy), responsibility for Cyber security is a matter of contention.
The survey suggests there is confusion at board level as to who is ultimately responsible for the immediate response to a data breach. More than a third (35%) of those surveyed believe that the CEO is in charge of the business’ response to a data breach, with a little less than a third (32%) saying it’s down to the CISO. Following a breach, there are collaboration challenges at the top when it comes to resolving the issue.
Passing the buck?
The majority (71%) of the c-suite concede that they have gaps in their knowledge when it comes to some of the main Cyber threats facing businesses today, the most common of which is malware (78%). This is alarming, given that 70% of businesses admit to having found malware hidden on their networks for an unknown period of time, in some cases for over a year.
When a security breach does happen, in the majority of businesses surveyed, it’s first reported to the security team (70%) or the executive/senior management team (61%). In less than half of cases it is reported to the board (40%). This could be because of an uncomfortable truth: one-third of CEOs state that they would terminate the contract of those responsible for a data breach. The majority (71%) of c-suite members also concede a number of knowledge gaps, with the most prevalent being a lack of knowledge around malware (78%).
Show the CISO some love!
When surveyed, more than half (54%) of CISOs said they would receive assistance from other members of the c-suite. Conversely, nearly two-fifths (38%) of those board members say they would work with the security team to solve a Cyber security issue.
This confusion may be a factor in the way that CISOs feel about their place in the workplace and why Cyber security professionals are under increasing pressure.
Just half of CISOs say they feel valued by the rest of the executive team from a revenue and brand protection standpoint. Perhaps more worrying is the fact that nearly a fifth (18%) of CISOs say they believe the board is indifferent to the security team or actually sees them as an inconvenience.
Is this just paranoia?
In reality, support for the CISOs is actually higher than they may realise. CISOs perceive that just 52% of their board of directors sees them as a ‘must have’, but the reality is that three quarters (76%) of c-level executives feel that way.
And while this may be the case, the feeling of not being valued is having a damaging effect on the CISO. Over a quarter (27%) said the stress of their job is impacting their physical or mental health. Just as worryingly, nearly a quarter (23%) admitted that the job had also affected their personal relationships. As more of a professional concern, 28% of CISOs also admit that stress levels are having an adverse effect on their ability to do their job.
Russell Haworth, CEO of Nominet, said: “This research is very much a case of the good, the bad and the ugly. It’s good to see that business leaders are aligned on the fact that Cyber-attacks are pretty much an inevitable part of working life. Acceptance is the first step to protection. There’s also a dedication to keeping customer and client data safe.
But the bad comes with the power struggle at the top, with confusion over who should actually take responsibility in case of a data breach or cyber-attack which is detrimental to the safety and security of the business.
The ugly is how CISOs feel within their organisation. There’s a clear disconnect between how valued they feel and how valued they actually are. Whether that’s CISOs misunderstanding how important they are or the board failing to communicate this to them, I’m unclear. What is abundantly obvious though is that there’s still a lot of work to be done. Boards and CISOs need to sit down and agree exactly what the responsibility of the CISO is and exactly who’s in charge of the business’ response to the pervasive cyber threat.”
*The research surveyed more than 400 C-suite executives from enterprises across the UK and USA, each overseeing businesses with over 8,000 employees.
Co-founder & CEO, Edge IT Group