C-suite leaders believe cyber security is important but lack knowledge on the subject, new research has revealed.
In a global IBM study of more than 700 C-level executives across 18 industries, many respondents were confused about who the real cyber adversaries are and how to effectively combat them.
While cyber security was viewed as a top concern by 68% of respondents, and 75% said a comprehensive security plan is important, the study found key executives need to be more engaged with CISOs beyond planning for security.
A major finding of the study was that 70% of CxOs think rogue individuals make up the largest threat to their organisations. The reality is that 80% of cyber attacks are driven by highly organised crime rings in which data, tools and expertise are widely shared, according to a United Nations report.
>See also: Britain is paying the price of cybercrime
The study found that a broad set of adversaries concerned the C-Suite, including 54% who acknowledged crime rings were a concern, but they gave nearly equal weight of concern to competitors at 50%.
Over 50& of CEOs surveyed agreed collaboration is necessary to combat cybercrime. Ironically, only one-third of CEOs expressed willingness to share their organisation’s cyber security incident information externally.
This exposes a resistance to widespread and coordinated industry collaboration, while hacking groups continue to perfect their ability to share information in near real-time on the dark web.
CEOs also emphasised that external parties need to do more, stronger government oversight, increased industry collaboration, cross-border information sharing, competitors – a dichotomy that needs to be resolved.
“The world of cybercrime is evolving rapidly but many C-suite executives have not updated their understanding of the threats,” said Caleb Barlow, VP at IBM Security. “While CISOs and the board can help provide the appropriate guidance and tools, CxOs in marketing, HR and finance, some of the most sensitive and data-heavy departments, should be more proactively involved in security decisions with the CISO.”
In fact, marketing, HR and finance departments represent prime targets for cybercriminals as they manage some of the most sensitive customer and employee data, manage corporate financials and have access to banking details.
>See also: How do you solve a problem like cybercrime?
In the study, roughly 60% of CFOs, CHROs, and CMOs readily acknowledged they, and by extension their divisions, are not actively engaged in cyber security strategy and execution.
For example, only 57% of CHRO’s reported they have rolled out employee training that addresses cyber security, a first step in getting employees engaged on the subject.
An overwhelming number of the CxOs surveyed (94%) said there is some probability that their company will experience a significant cyber security incident in the next two years.
According to IBM’s analysis, only 17% of the respondents felt prepared and capable to respond to these threats.