Signs a Board Thinks Security is Better than It Is.

Uploaded on 2015-12-07 in TECHNOLOGY--Resilience, FREE TO VIEW

While most boards of directors today consider cybersecurity risks a top concern for the companies they help govern, their true awareness of the threats may not be as good as they think, according to recent results of a Ponemon Institute survey that compared directors' perceptions to IT security executives. 

The study showed that there's a gap between how well the boards believe their charges are doing with security and the perception by security personnel in the trenches working to protect company assets. Here are some indications from the survey that boards of directors may underestimate the cybersecurity risks facing their organisations.

Even though almost three-quarters of directors report that they're charged with overseeing risk assessments and audits at their companies, they may not have the baseline knowledge necessary to really decipher information and capably lead based on these assessments. 

The survey showed that only 33 percent of board members consider themselves knowledgeable or very knowledgeable about cybersecurity. It's not surprising, then that while 70 percent of board members say they understand the security risks their organizations face, just 43 percent of IT security personnel believe their boards truly understand the cyber risk landscape.

Overconfidence Endemic To Boards

The lack of knowledge allows many directors to maintain somewhat Pollyanna-ish views about their organisation's security readiness. Approximately 59 percent of board members rate their cybersecurity governance practices as very effective. At the same time, only 18 percent of security pros also believe this to be true.

"This finding reveals the deep divide in the thinking about what constitutes effective governance practices between board members who are in charge of overall company performance and those responsible for stopping data breaches and cyber attacks," the report said.

Board Not Informed of Incidents

The disparity between breaches that board members know about versus those that IT security staff have knowledge of hints at a troubling lack of communication between the board and infosec pros.   Over half of IT security professionals reported that their organisations had experienced a breach involving theft of high-value information in the past two years. 

That's compared with just 23 percent of board members who believed the same. Furthermore, in many cases, board members are unsure if their organizations have experienced security incidents. About one in five directors say they're uncertain if their organisation experienced a cyber attack that disrupted business or IT operations in the past few years and 18 percent said they were unsure if it experienced a breach involved high-value information.

Directors Don't Ask For Security Measurables

While board members recognise the importance of cyber security, 89 percent say they recognise the reputational and marketplace impact breaches or security failures pose, they're not asking for enough information from security departments. 

In fact, only 19 percent of boards use any kind of cybersecurity metrics to keep IT accountable for maintaining an acceptable level of risk for the organisation.

Dark Reading: http://ubm.io/1Hvwnz7

« Data Breaches Hurt 43% of Businesses Last Year
Five Greatest Cybersecurity Myths »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Outpost24

Outpost24

Outpost24 provides easy to deploy and intuitive solutions to continuously identify, remediate and mitigate vulnerabilities in your network.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

Protocol Policy Systems

Protocol Policy Systems

Protocol Policy Systems specialise in IT policy deployment and management systems that deliver compliance and secure computing environments.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Secure Soft

Secure Soft

Secure Soft are experts in Computer and Information Security with a presence in Peru, Colombia and Ecuador.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

GuardRails

GuardRails

GuardRails provides continuous security feedback that empowers developers to find, fix, and prevent vulnerabilities.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

doIT Solutions

doIT Solutions

doIT solutions specialize in IT security and infrastructure, security automation, data center, and cybersecurity.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Innovex Global

Innovex Global

Innovex is a full-service executive search and advisory business that engages with early-stage startups, scale-ups, and established businesses in the Fintech, Cybersecurity and Technology industries.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.

Virtual Technologies Group (VTG)

Virtual Technologies Group (VTG)

Virtual Technologies Group is a single source, IT product and services provider for SMBs and IT departments, delivering reliable, cost-efficient service, maintenance and support solutions.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

NetDescribe

NetDescribe

NetDescribe, part of Xantaro Group, advises and supports companies in building secure and stable IT environments.