Research on Cyber Security Strategies Reveals Communication issues between CISOs and CEOs

It has been highlighted in a thoroughly conducted study, there is lack of communication between CEOs and IT leaders in businesses; this results in problematic addressing of cyber threats. In addition, many business owners appear misinformed on the legislation and the rules related to cyber security.

In an accredited research that has been performed among CIOs, CISOs and senior IT leaders, it was highlighted that 78 per cent of the business leaders in the companies where these professionals worked did not know anything about their organization’s cyber security strategy, which has been put into effect over the last year. This is shocking news, as it reveals that there is no direct communication and discussion between CISOs and CEOs about what is going on in such an important and highly vulnerable aspect of business.

This survey that was performed by the Ponemon Institute was commissioned by Raytheon. Another amazing discovery from this research was the fact that more than half of the respondents did not think that the cyber security must be the first priority and only the 14 percentage mentioned that their security leaders report directly to the CEO of the company.

It has also been proven through the research that a great percentage of the people who were involved in the survey were convinced that a future training regarding the cyber security would make everyone involved to become significantly more aware over the next years and such an improvement will definitely be performed regarding their organization’s cyber posture too.

Unfortunately, these kinds of security breaches make the CISOs and the CEOs perform meetings that have to do with these issues without actually addressing the important issues that need to be addressed. Ponemon’s owner Larry Ponemon has stated on this matter: “In the meantime, our study found there is still a large delta between resources and needs, as security leaders lack both funding and manpower to adequately protect assets and infrastructure.”

It is sad that just 47 per cent of the respondents believe that the “tools” of their organization are what it takes in order to cover the security standards that must be covered and the 31 per cent believes that their organization with the equipment that it has is ready to deal with the dangers that have to do with the Internet of Things. It is really disappointing that a really low percentage – in fact less than half of the people asked – insist on saying that they have what it takes to meet cyber security requirements and at the same time they believed that the cyber security practitioners do not have the experience and the knowledge that they should have in such a department.

A Survey of 180 U.S Business Owners

Another survey that included 180 U.S. business owners that was performed by Software Advice showed that just 33% of the respondents fully understand the laws and rules that have to do with their privacy concerning their personal information. Less than half of the people who answered questions included within this research said that they have a backup plan in case an incident of a data breach; 29% said that they have private insurance and finally 58% stated that they often proceed with vulnerability assessments.

Despite the negative results that have been mentioned above, the research of the Software Advice fortunately proved that 82 per cent of the personal data of their customers is encrypted.

But what we can take from the results of this study? Is this the reason why even big corporations like Sony and Anthem (to name a couple) got hacked? May be… It more likely could be one of the major reasons (if not the only one), I believe!

Top/Featured Image via SerPounce

COMMENTS

WORDPRESS: 0
DISQUS: 0

Research on Cyber Security Strategies Reveals Communication issues bet…

by Ali Qamar time to read: 2 min
0