4 Signs a Board thinks Security is Better than it Is

Uploaded on 2015-07-21 in FREE TO VIEW

ponemonsecuritychallenges.jpg?w=640

Ponemon Institute: Who's responsible for cyber security?

While most boards of directors today consider cybersecurity risks a top concern for the companies they help govern, their true awareness of the threats may not be as good as they think, according to recent results of a Ponemon Institute survey that compared directors' perceptions to IT security executives'.

The study showed that there's a gap between how well the boards believe their charges are doing with security and the perception by security personnel in the trenches working to protect company assets. Here are some indications from the survey that boards of directors (BoDs) may underestimate the cybersecurity risks facing their organizations.

Even though almost three-quarters of directors report that they're charged with overseeing risk assessments and audits at their companies, they may not have the baseline knowledge necessary to really decipher information and capably lead based on these assessments. The survey showed that only 33 percent of board members consider themselves knowledgeable or very knowledgeable about cybersecurity. It's not surprising, then that while 70 percent of board members say they understand the security risks their organizations face, just 43 percent of IT security personnel believe their boards truly understand the cyber risk landscape.

Overconfidence Endemic To Boards

The lack of knowledge allows many directors to maintain somewhat Pollyanna-ish views about their organization's security readiness. Approximately 59 percent of board members rate their cybersecurity governance practices as very effective. At the same time, only 18 percent of security pros also believe this to be true.

"This finding reveals the deep divide in the thinking about what constitutes effective governance practices between board members who are in charge of overall company performance and those responsible for stopping data breaches and cyber attacks," the report said.

BoD Not Informed of Incidents

The disparity between breaches that board members know about versus those that IT security staff have knowledge of hints at a troubling lack of communication between the board and infosec pros.  
Over half of IT security professionals reported that their organizations had experienced a breach involving theft of high-value information in the past two years. That's compared with just 23 percent of board members who believed the same. Furthermore, in many cases, board members are unsure if their organizations have experienced security incidents. About one in five directors say they're uncertain if their organization experienced a cyber attack that disrupted business or IT operations in the past few years and 18 percent said they were unsure if it experienced a breach involved high-value information.

Directors Don't Ask For Security Measurables

While board members recognize the importance of cyber security—89 percent say they recognize the reputational and marketplace impact breaches or security failures pose—they're not asking for enough information from security departments. In fact, only 19 percent of boards use any kind of cybersecurity metrics to keep IT accountable for maintaining an acceptable level of risk for the organization.

Dark Reading:

 

« CyberSecurity Future: Humans & Machines Work Symbiotically
Cyberwarfare is Common in Russia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NCC Group

NCC Group

NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

Agenci

Agenci

Agenci are specialists in cyber security and information security and deliver ISO 27001 Certification.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

CANVAS Consortium

CANVAS Consortium

The CANVAS Consortium aims to unify technology developers with legal and ethical scholar and social scientists to approach the challenges of cybersecurity.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

Circadence

Circadence

Circadence offer the only fully immersive, AI-powered, patent-pending, proprietary cybersecurity training platform in the market today.

Valid Network

Valid Network

Valid Network DSP is blending traditional cyber security methodologies with blockchain transactions to achieve trust, internal and federated between organizations and stake holders.

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

SECUINFRA

SECUINFRA

Since 2010, SECUINFRA have specialized in detecting, analyzing and defending against cyber attacks.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.