Kaspersky research has found that over two-fifths (42 per cent) of UK C-level specialists believe that jargon around cybersecurity is the biggest reason for a lack of risk understanding at the top of organisations.
For many UK-based C-level security, compliance, and risk specialists, jargon and confusing industry terms are currently presenting the greatest hurdle to the C-Suite’s understanding of cybersecurity and, most importantly, what they should do about it.
With over half of C-Suite executives surveyed (57 per cent) stating that the biggest risk facing their businesses is cybersecurity attacks, ahead of economic factors (30 per cent), industrial action (29 per cent) and natural disasters (26 per cent), closing this communication gap is vital.
More specifically, almost half (46 per cent) of respondents said they found the cybersecurity terms ‘malware’ and ‘supply chain attacks’ to be confusing.
Meanwhile, more technical terms such as ‘zero day exploits’ and ‘Suricata rules’ saw similar levels of confusion, with 45 per cent and 48 per cent of respondents respectively claiming not to fully understand these terms.
“Acronyms, jargon, and idioms act as shorthand for those in the know, but often seem confusing for anyone without direct experience of working in cybersecurity,” said Stuart Peters, general manager for UK and Ireland at Kaspersky.
“Our findings suggest that the inability of senior management within large organisations to truly understand the nature of the threats they’re constantly exposed to means they are often not considered a boardroom priority.
“In other words, this paints a picture of high-powered C-Suite executives having to make timely, critical business decisions without a clear picture of their own unique threat landscape and the risk it poses to their organisation, preventing them from developing a culture of cybersecurity based on best practices, knowledge-sharing, and ultimately actionable intelligence.”
Cybersecurity lacking in boardroom agendas
Despite nearly all (99 per cent) C-Suite respondents now being aware of how often their businesses are being attacked by threat actors, one in three respondents said that cybersecurity was only sometimes an agenda item during board meetings, compared to 61 per cent who identified cybersecurity as an ever-present agenda item.
Additionally, nearly one in five (22 per cent) C-Suite respondents in companies with 5000+ employees said that cybersecurity is rarely an agenda item for meetings, compared to just under 2 per cent of C-Suite respondents in companies with 1000-1999 or 2000-2999 employees, showing that this awareness disconnect is more common at larger organisations.
Kaspersky conducted 1,800 interviews with C-level decision-makers in large enterprises of 1,000 or more employees, across 13 countries in Europe, for its report: ‘Separated by a common language: is the C-Suite able to truly decipher and act upon the real threat of cyberattacks?’. The full report can be found here.