According to a new survey, more than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack. More incredible still, 40 percent of these same executives don’t even think it’s their responsibility.
The study, conducted by Tanium and Nasdaq, “The Accountability Gap: Cybersecurity & Building a Culture of Responsibility,” found a distressing gap between perceived and actual corporate readiness for data security incidents and a widespread lack of accountability at the highest levels of organizations. This is despite a corporate cybercrime toll of more than $445 billion in 2015.
High-profile data breaches are among the most damaging threats corporations face. They can trigger huge costs, loss of business, and irreparable damage to a company’s reputation. Yet executive leadership remains alarmingly unprepared for such an event.
The survey’s respondents comprised 1,530 non-executive directors, C-level executives, chief information officers and chief information security officers from across the US, UK, Germany, Japan, Denmark, Norway, Sweden and Finland. Some highlights (or lowlights):
- Among those deemed most vulnerable, 98 percent reported no confidence that their organizations can effectively monitor all devices and users at all times.
- Only 9 percent of highly vulnerable board members believe their systems are regularly updated in response to new cyber threats.
- 87 percent say their malware, antivirus, and software and system patches are not up-to-date.
The survey revealed that data security continues to be a growing area of budget expenditure among Global 2000 companies, with a 24 percent average increase in spending from 2014 to 2015. But the statistics suggest such growth isn’t fast enough. The same study found data breach incidents increasing by 38 percent worldwide last year.
But let’s get back to responsibility and ownership.
“Can you imagine a senior executive admitting he or she doesn’t know how to interpret a profit and loss statement? Or, worse, acting as if they don’t need to?” said Michael Gavaghen, SLPowers’ Vice President of Sales and Marketing. “Until the executive population accepts that information security is absolutely central to their core mission, they will keep losing ground to the criminals.”
Gavaghen said it’s time for boards of directors to hold executives to account for the security of their information assets, adding, “In no other area of corporate life are so many paid so well to be so irresponsible.”