As the threat of cyberattacks continues to rise, chief information security officers and C-suite executives need to work more closely together
That’s according to a recently study from Accenture. As more information is stored online, and work is performed online, companies are becoming more and more vulnerable to online attacks, and the cost of security breaches continues to grow. However, Accenture’s report, entitled “Securing the Future Enterprise Today – 2018,” shows that significant gaps exist in terms of readiness.
Results from the survey showed many companies are simply ill-prepared to handle the needs of modern cybersecurity. Only 40 percent of the more than 1,400 C-suite executives polled claimed to always confer with their business unit leaders to understand the business before suggesting a security approach, showing a lack of ongoing communication. Only 40 percent claimed creating or expanding an insider threat program is a high priority, suggesting that C-suite executives aren’t sufficiently concerned about one of the most common security threats. About half of respondents state that all new employees receive training for cybersecurity upon joining and have ongoing awareness training while employed.
Seventy-three percent of those surveyed agreed that cybersecurity activities and staff members needed to be spread through all parts of the organization. However, at 74 percent of companies, cybersecurity is primarily centralized. Further results showed that C-level executives don’t seem likely to spread these centralized responsibilities to business units; among non-CISO executives, only 25 percent claimed that their business unit leaders shared responsibility today, and only a similar number believe that business unit leaders ought to be responsible in the future.
Slow to Act
As businesses adopt new technologies, companies must ensure they’re used in a secure manner, and the survey results show that executives are concerned about potential security risks. The Internet of Things came out on top, with 77 percent claiming the IoT will increase cybersecurity risks either moderately or significantly. Cloud services were close behind, with 74 percent claiming cloud services will increase cybersecurity risks at least moderately. More than 70 percent stated that believe sharing data with third parties will increase security risks at least moderately.
Even though C-suite executives believe emerging technology poses a risk, action is lagging. Omar Abbosh, Accenture’s chief strategy officer believes there is “still much work to be done”.
Cybersecurity strategy needs to be led by the board, executed by the C-Suite and owned at the front lines of the organization. Further, it must be infused across all aspects of a company’s processes and systems, and built into the daily work activities of employees
Only 44 percent of respondents stated that their cloud technology is protected by their cybersecurity strategy, showing a significant gap between awareness and action. Similarly, only 39 percent claim that their data exchange with third-party entities are adequately secured. Determining the right course of action when implementing new technologies is always difficult, which may explain why companies aren’t taking a proactive approach. The potential risks of breaches, however, means that failing to take action early on can be costly.
Both traditional and emerging technologies are critical for the modern business world, and C-suite executives, by and large, are aware of the risks. However, translating concerns into actionable plans has lagged behind, and the growth of the IoT, cloud operations, and other technologies present clear risks for companies of all sizes. Accenture’s report strongly suggests that better communication and collaboration between CISOs and C-suite executives is critical for closing these gaps.