IT disaster recovery, cloud computing and information security news

Boards still not taking cyber threats as seriously as they should: survey

Details

Key decision makers do not have confidence in their Boards’ ability to manage cyber security threats, according to the latest cyber security analysis from Control Risks. The global ‘Cyber Security Landscape’ report of IT and Business decision makers found that almost half of respondents (46 percent) reported they believe their organization’s board-level executives do not take cyber security as seriously as they should. This is despite 77 percent of respondents citing the C- suite, rather than the historic owner, the IT department, as being most accountable for cyber security management and decision making in their organization.

The survey equally found that just over 31 percent also reported they are very or extremely concerned their organization will suffer a cyber attack in the next year and a third (34 percent) say their organization doesn’t have a cyber crisis management plan in place in the event of a breach.

Other key findings:

  • Companies are struggling to adopt a risk-based approach: although companies are now less concerned with merely complying with standards and are focussed on actually reducing the risk of a cyber attack, almost half (45 percent) agreed that assessing and managing these risks is their biggest challenge.
  • Third-party breaches are a growing concern: just over a third (35 percent) of respondents said a third party cyber breach had affected their organization and despite nine in ten respondents (93 percent) taking steps to evaluate their third parties’ cyber security measures, 53 percent said this was confined to contractual measures.
  • Cyber attacks have major long-term effects: 4 in 10 respondents said a cyber attack has resulted in the misuse of sensitive or confidential information (43 percent) and a loss of customer information (41 percent).

Control Risks says that organizations should ensure that cyber security becomes a regular item on the board’s agenda that includes reviewing the external cyber threat landscape in conjunction with IT. Organizations also benefit from regular crisis management exercises that involve all relevant parties including the C-suite, IT, legal, communications and any other members of the crisis management team. These exercises ensure that all parties understand their roles and responsibilities and the potential implications of a cyber attack.

Obtain the report (registration required).


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

Root Cause Analysis
The Business Continuity Business Case

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.