A new study released yesterday, Securing the C-Suite, Cybersecurity Perspectives from the Boardroom and C-Suite, reveals that many executives at the C-level are confused about who the true cybersecurity adversary is and how to successfully win the cybersecurity battle.
IBM Security and IBM’s Institute for Business Value (IBV) interviewed more than 700 C-level executives from 28 countries across 18 industries on cybersecurity in the enterprise. The survey intentionally left out the CISOs so as to paint the picture of what everyone else in the C-Suite thinks about cybersecurity.
On the executive level, cybersecurity is viewed as a top concern for 68 per cent of CxOs surveyed, while 75 per cent believe a complete security plan is essential to mitigate cybersecurity threats. But the study went on to highlight that executives need to be more engaged with CISOs by taking a more active role than just being involved in planning.
A significant finding from this study was that 70 per cent of CxOs think rogue individuals make up the largest threat to their organizations, when in reality 80 per cent of cyberattacks are driven by highly organized crime rings, according to a report from the United Nations. The study also found that C-level executives have the same level of concern about cybersecurity adversaries as they do about their competitors. The conclusion drawn from this finding is that executives are not placing as much emphasis on the security of their organizations as they need to in combating cybersecurity risks, threats and attacks.
“The world of cybercrime is evolving rapidly but many C-Suite executives have not updated their understanding of the threats,” said Caleb Barlow, Vice President, IBM Security. “While CISOs and the Board can help provide the appropriate guidance and tools, CxOs in Marketing, Human Resources, and Finance, some of the most sensitive and data-heavy departments, should be more proactively involved in security decisions with the CISO.”
As Barlow pointed out, these departments are primary targets for cybercriminals, as they manage some of the most sensitive customer and employee data along with corporate finance and banking details. Given the nature of the data in these departments, a greater emphasis should be placed on the effective execution of a proper cybersecurity strategy. Sadly, this is not the case for about 60 per cent of CFOs, CHROs, and CMOs surveyed, who readily admitted that they, along with their departments, are not actively engaged in cybersecurity strategy and execution.
The report went on to provide the following tips that organizations can apply to help structure a cybersecurity strategy to mitigate risks and threats:
Understand the Risk: Evaluate your ecosystem for risks, conduct security risk assessments, develop education and training for employees and incorporate security into the enterprise risk plan.
Collaborate, Educate & Empower: Establish a security governance program, empower the CISO, elevate and regularly discuss cybersecurity at C-Suite meetings, and include the C-Suite in developing an incident response plan.
Manage Risk with Vigilance & Speed: Implement continuous security monitoring, leverage incident forensics, share and utilize threat intelligence to secure the environment, understand where the organization’s digital assets reside and develop mitigation plans accordingly, and develop and enforce cybersecurity policies.