December 4, 2022

Robotic Notes


Report: Many board members believe their companies are unprepared for a cyberattack




A new report from cybersecurity company Proofpoint Inc. found that nearly half of board members globally believe their companies are unprepared for a cyberattack.

Based on a survey of C-suite executives conducted with Cybersecurity at MIT Sloan, or CAMS, the report found that 77 percent of board members agreed that cybersecurity was a top priority for their board. More than three-quarters of respondents said their board discusses the topic of cybersecurity at least once a month, and the same share believe their boards have a clear understanding of the systemic risks facing their organization. Similarly, more than three-quarters said they believed their company had made adequate investments in cybersecurity.

The headline numbers sound positive, but the report notes that optimism may be misplaced. Nearly two-thirds of board members surveyed believe their organization is at risk of a significant cyberattack in the next 12 months, and nearly half believe their organization is unprepared to deal with a targeted attack.

Perhaps showing a growing awareness of the problem, two-thirds of respondents identified human error as their most significant cybersecurity vulnerability. However, the report argues that the figure should be much higher, as statistics show that human error leads to 95% of all cybersecurity incidents.

“It’s encouraging to see that cybersecurity is finally the focus of boardroom conversations,” Lucia Milica, vice president and global resident CISO at Proofpoint, said in a statement. “However, our report shows that boards still have a long way to go in understanding the threat landscape and preparing their organizations for material cyber attacks.”

Other findings included board members ranking email fraud and business email compromise as their biggest concern at 41%, followed by cloud account compromise at 37% and ransomware at 32%. The numbers contrast somewhat with those of chief information security officers, who, while also identifying email fraud/BEC and cloud account compromise as top concerns, identified insiders as the top threat, whereas board members rated insiders as a lower concern.

Board members were also found to disagree with chief information security officers about the most critical consequences of a cybersecurity incident. Internal data becoming public topped the list of concerns for boards at 37%, closely followed by reputational damage at 34% and loss of revenue at 33%. CISOs, on the other hand, were found to be more concerned about significant outages, disruption to operations and impact on business valuations.

The report also found that the relationship between boards and CISOs has room for improvement. Some 69% of board members report seeing eye-to-eye with their CISO, while only 51% of CISOs feel the same way.

“Board members need to look for ways to make CISOs their strategic partners,” noted Dr. Kerry Pearlson, executive director of Cybersecurity at MIT Sloan. “As cybersecurity risk is front and center on the boardroom agenda, better alignment of CISOs’ and boards’ cybersecurity priorities will only serve to improve the protection and resilience of their organizations.”

Photo: Mike Peel/Wikimedia Commons
