When you look at the lag in cybersecurity for organizations, there are a number of reasons why cybercriminals are winning. One of these reasons is the board of directors’ lack of knowledge and awareness of cybersecurity risks. Tools and holistic security implementation processes are also part of the reason for insecurity, but it’s the higher-ups who delay change for the better, since they’re the ones with the decision power.
A recent study by the National Association of Corporate Directors (NACD) reveals that only 19% of corporate board directors and professionals think their boards have a high level of understanding of cybersecurity risks. This is better than the 11% from the year before, but there is still a long way to go before reaching 100% or even 50% of organizations’ boards understanding cybersecurity risks. With a majority of decision makers disconnected from the danger their company faces, they are not inclined to take cybersecurity up a notch.
Even more concerning is the fact that 59% of organizations find it challenging to oversee cyber risks. This statistic represents the security skill gap that hasn’t been solved yet, but that is being widely discussed. Now organizations have two problems: leadership, and the security team’s level of preparedness to manage cybersecurity risks. Both go hand in hand because, without support from those who decide budget allocation, more resources aren’t invested in cybersecurity training or outsourced expert assistance when internal teams and security leaders need help.
Thanks to compliance requirements, organizations have had to make some changes to cybersecurity to avoid fines, but this doesn’t help when companies stick to compliance alone. Another nudge to get organizations on the right track comes from data security breach notification laws, which are causing businesses to make it known when a breach happens. This has led to awareness of the brand damage that follows a breach.
The progress of organizations in getting on track with cybersecurity doesn’t match the speed at which cybersecurity risks are growing. November 2016 saw a 60% increase in breach incidents compared to October. Forty-seven of these incidents involved a total of 448,639 breached records (Protenus Breach Barometer).
If boards don’t understand cybersecurity risks, it’s normal that they don’t think there’s a need to do more. Laws alone can’t get organizations to take the necessary steps to stop lagging behind hackers when it comes to securing their enterprise. Hopefully, informative articles such as these can make it clearer to a board member who’s reading this, or to a security executive who can share this information in a way that the board understands, that your business needs to take cybersecurity seriously.
It’s the beginning of a new year; start it off with cybersecurity at the forefront. Schedule your free consultation and find out what you need to do to get on track with security. We’re only a click away!
Photo courtesy of Sergey Nivens