A recent survey of 300 executives and board members found that only 25 percent of respondents believe recruiting and retaining skilled cyber security professionals is a critical cyber security issue.
The survey, conducted by Zogby Analytics on behalf of CyberVista, also found that 20 percent of executives at small businesses with fewer than 50 employees say they’re never briefed on cyber security issues.
“Too often, we hear only about the technology problems and solutions in cybersecurity without enough appreciation of the ‘people problem’ at the core of many of the most damaging cyberattacks,” CyberVista CEO Amjed Saffarini said in a statement. “Even with the best technology tools available, a shortage of cybersecurity workers limits the ability of businesses to appropriately prepare and respond to cyberattacks.”
Still, 60 percent of executives said their company had been hit by at least one cyber attack in 2015, and one third said their company had been hit by three or more.
Thirty-five percent of respondents either don’t know or aren’t sure what legally constitutes a data breach in their state.
“As with all other corporate risks, board members and executives ultimately bear responsibility for cybersecurity issues, and must take steps to create a culture of security that prioritizes addressing cyber risks across their entire organization,” Saffarini said. “Increasing cybersecurity training and education among leadership is critical to reducing vulnerabilities and ensuring sound business judgments. Cybersecurity has to start at the top.”
Separately, a survey of 765 business decision makers conducted by Redshift Research on behalf of Palo Alto Networks has found that more than 1 in 10 C-level respondents said they “kind of” understand what defines an online security risk to their business and “still have to use Google to help explain it.”
The same survey found that 1 in 10 employees still don’t believe their companies’ executives or board members have a relevant or accurate understanding of current cyber security issues.
And an IBM survey of more than 700 C-level executives has found that while 94 percent of respondents believe there’s some probability that their company will experience a significant cyber security incident in the next two years, only 17 percent feel prepared to respond to those threats.
While more than 50 percent of CEOs surveyed agreed that collaboration is necessary to combat cybercrime, only one third said they’d be willing to share their organization’s cyber security incident information externally.
“The world of cybercrime is evolving rapidly, but many C-Suite executives have not updated their understanding of the threats,” IBM Security vice president Caleb Barlow said in a statement. “While CISOs and the board can help provide the appropriate guidance and tools, CxOs in marketing, human resources, and finance, some of the most sensitive and data-heavy departments, should be more proactively involved in security decisions with the CISO.”
Among other results, the survey found that only 57 percent of chief human resources officers (CHROs) have rolled out employee training that addresses cyber security.
A recent eSecurity Planet article looked at the importance of providing effective security awareness training.