Study Finds Disconnect Between IT, Leadership on Cyber Security

A recent survey of 1,006 CIOs, CISOs and senior IT leaders worldwide found that 78 percent of respondents said their board of directors hadn’t been briefed on their organization’s cyber security strategy in the past year (h/t SC Magazine).

The survey, commissioned by Raytheon and conducted by the Ponemon Institute, also found that two thirds of respondents believe senior leaders in their organization don’t view cyber security as a strategic priority, and just 14 percent said their organization’s security leader reports directly to the CEO.

Still, a majority of respondents said they believe cyber security awareness through training will improve over the next three years, and that their organization’s cyber posture will also improve during the same timeframe.

“High-profile cyber security breaches are closing the gap between CISOs and CEOs by forcing meaningful security discussions into corner offices and boardrooms,” Ponemon Institute chairman and founder Larry Ponemon said in a statement.

“In the meantime, our study found there is still a large delta between resources and needs, as security leaders lack both funding and manpower to adequately protect assets and infrastructure,” Ponemon added.

Just 47 percent of respondents believe their organization takes appropriate steps to comply with leading cyber security standards, and only 31 percent believe their organization is prepared to deal with the risks associated with the Internet of Things.

Less than half of respondents said their organization has sufficient resources to meet cyber security requirements, and two thirds of those surveyed said their organization needs more knowledgeable and experienced cyber security practitioners.

“You don’t have to wait until you’re attacked to take cyber security seriously,” Jack Harrington, vice president of cyber security and special missions at Raytheon Intelligence, Information and Services, said in a statement. “From the board room to the President’s desk, rallying around the cyber security issue is critical to address the real threats we face as a global society.”

A separate survey of 180 U.S. business owners and decision makers by Software Advice found that only 33 percent of respondents are very confident that they understand their state’s data breach notification laws (h/t IT Business Edge).

What’s more, less than half of respondents say they have a breach response plan in place, just 29 percent of respondents have cyber insurance, and 58 percent conduct regular vulnerability assessments.

Still, the Software Advice survey did yield some good news — fully 82 percent of respondents said their business encrypts its customers’ personal information.
