Signs a Board Thinks Security is Better than It Is.

While most boards of directors today consider cybersecurity risks a top concern for the companies they help govern, their true awareness of the threats may not be as good as they think, according to recent results of a Ponemon Institute survey that compared directors' perceptions with those of IT security executives.

The study showed that there's a gap between how well the boards believe their charges are doing with security and the perception by security personnel in the trenches working to protect company assets. Here are some indications from the survey that boards of directors may underestimate the cybersecurity risks facing their organisations.

Even though almost three-quarters of directors report that they're charged with overseeing risk assessments and audits at their companies, they may not have the baseline knowledge necessary to really decipher information and capably lead based on these assessments. 

The survey showed that only 33 percent of board members consider themselves knowledgeable or very knowledgeable about cybersecurity. It's not surprising, then, that while 70 percent of board members say they understand the security risks their organizations face, just 43 percent of IT security personnel believe their boards truly understand the cyber risk landscape.

Overconfidence Endemic To Boards

The lack of knowledge allows many directors to maintain somewhat Pollyanna-ish views about their organisation's security readiness. Approximately 59 percent of board members rate their cybersecurity governance practices as very effective. At the same time, only 18 percent of security professionals believe the same.

"This finding reveals the deep divide in the thinking about what constitutes effective governance practices between board members who are in charge of overall company performance and those responsible for stopping data breaches and cyber attacks," the report said.

Board Not Informed of Incidents

The disparity between breaches that board members know about versus those that IT security staff have knowledge of hints at a troubling lack of communication between the board and infosec pros. Over half of IT security professionals reported that their organisations had experienced a breach involving theft of high-value information in the past two years.

That's compared with just 23 percent of board members who believed the same. Furthermore, in many cases, board members are unsure whether their organizations have experienced security incidents. About one in five directors say they're uncertain whether their organisation experienced a cyber attack that disrupted business or IT operations in the past few years, and 18 percent said they were unsure whether it experienced a breach involving high-value information.

Directors Don't Ask For Security Measurables

While board members recognise the importance of cybersecurity (89 percent say they recognise the reputational and marketplace impact that breaches or security failures pose), they're not asking for enough information from their security departments.

In fact, only 19 percent of boards use any kind of cybersecurity metrics to keep IT accountable for maintaining an acceptable level of risk for the organisation.

Dark Reading: http://ubm.io/1Hvwnz7
