Communication Between Cyber Security Managers And Senior Leaders Poor
Board members from organisations scattered around the globe are worryingly naive when it comes to understanding important cyber security procedures, approaches and protocols.
According to the ‘By the Numbers: Global Cyber Risk Perception Survey 2019,’ conducted by Marsh and Microsoft, just over a third (37%) of 1,300 executive respondents considered board members and senior leaders to be one of the main owners of cyber security approaches.
In fact, the vast majority (70%) viewed cyber security issues as the sole concern of company IT departments.
This perceived lack of ownership resulted in a poor understanding of the main threats facing their companies. Despite being told about cyber issues by 45% of risk and technology executives, a mere 18% of directors remembered receiving cyber-related information.
This means that key decision makers are unaware of vital cyber defences. The report found that 73% of senior managers misunderstood the online threat environment, 71% did not have an understanding of cyber programs and investment, and 65% were oblivious to issues, breaches and cyber events experienced by the organisation.
Only 28% of senior business leaders feel highly confident in identifying and assessing cyber risk. Fewer still feel able to prevent risk and respond effectively to a breach, with fewer than a fifth (19%) confident in their defence and recovery processes.
Overall, business and firm decision makers were anxious about the disruption and impact on consumers. The vast majority (75%) worried that business interruption following a cyber attack would be the costliest impact on a business, with both profit and consumer business deteriorating whilst the company recovers.
Some 59% of respondents feared the reputational damage that would follow a cyber attack, whilst 55% were worried about the loss of consumer information in an attack.
Although 41% were concerned about the damage from a financially motivated attack using destructive malware, almost a third of respondents (31%) were anxious about the threat caused by negligent or malicious/rogue employees inadvertently or directly causing a data breach.
Despite the lack of collaboration between IT managers and senior leaders, many firms are upping their cyber security protocols; 69% had conducted a cyber security assessment in the last six months.
Hoping to stem the flow of data breaches, 68% had implemented enhanced phishing awareness and training for employees whilst over half (53%) had developed a cyber incident response plan.
Overall, the report found that senior leaders need to communicate more effectively with cyber security employees, take a greater role in fraud prevention and ensure a robust cyber security culture is embedded within the business.
Do your COLPs, COFAs, partners and senior managers take a leading role in cyber security?