Study Finds Disconnect Between IT, Leadership on Cyber Security

A recent survey of 1,006 CIOs, CISOs and senior IT leaders worldwide found that 78 percent of respondents said their board of directors hadn't been briefed on their organization's cyber security strategy in the past year (h/t SC Magazine).

The survey, commissioned by Raytheon and conducted by the Ponemon Institute, also found that two thirds of respondents believe senior leaders in their organization don't view cyber security as a strategic priority, and just 14 percent said their organization's security leader reports directly to the CEO.

Still, a majority of respondents said they believe cyber security awareness through training will improve over the next three years, and that their organization's cyber posture will also improve during the same timeframe.

"High-profile cyber security breaches are closing the gap between CISOs and CEOs by forcing meaningful security discussions into corner offices and boardrooms," Ponemon Institute chairman and founder Larry Ponemon said in a statement.

"In the meantime, our study found there is still a large delta between resources and needs, as security leaders lack both funding and manpower to adequately protect assets and infrastructure," Ponemon added.

Just 47 percent of respondents believe their organization takes appropriate steps to comply with leading cyber security standards, and only 31 percent believe their organization is prepared to deal with the risks associated with the Internet of Things.

Less than half of respondents said their organization has sufficient resources to meet cyber security requirements, and two thirds of those surveyed said their organization needs more knowledgeable and experienced cyber security practitioners.

"You don't have to wait until you're attacked to take cyber security seriously," Jack Harrington, vice president of cyber security and special missions at Raytheon Intelligence, Information and Services, said in a statement. "From the board room to the President's desk, rallying around the cyber security issue is critical to address the real threats we face as a global society."

A separate survey of 180 U.S. business owners and decision makers by Software Advice found that only 33 percent of respondents are very confident that they understand their state's data breach notification laws (h/t IT Business Edge).

What's more, less than half of respondents say they have a breach response plan in place, just 29 percent of respondents have cyber insurance, and 58 percent conduct regular vulnerability assessments.

Still, the Software Advice survey did yield some good news -- fully 82 percent of respondents said their business encrypts its customers' personal information.