Your Directors Don’t Understand Cyber Threats Endangering Business
At CSI we have surveyed, reviewed and interviewed directors, and we have found that 41% of IT directors do not have faith in their board’s comprehension of cyber security. However, 67% of the non-IT directors we spoke to, surveyed and discussed cyber with say they do not really understand the cyber security issues that are affecting, or may affect, their business.
Over forty percent also said that their CEO lacks comprehension of the cyber issues that are affecting, or might affect, their organisation.
Nearly 90% of all board directors think there is a lot more to be done on cyber security within their organisation, and over 30% say they have not had adequate review and discussion of the subject.
72% say they have not had any independent reviews or reports about the business’s threat levels and the action being taken on a regular basis to counter the attack threats.
Unfortunately, this does not suggest a more secure way forward. Regular cyber security audits are recommended but, at present, they are not a common process.
Over 80% of the organisations interviewed had experienced a cyber security problem in 2015/14, and the IT departments claimed that they are now more secure; however, the research in the last quarter of 2015 does not support this position.
One of the major problems going forward is that the organisation’s IT tends to secure itself only against previous types of cyber security issues and does not explore, and maintain a clear understanding of, the changing cyber-scape and the threat processes being used.
Malware and phishing were the common attacks reported in 2014/15; however, ransom-cyber threats increased considerably in the latter part of 2015, and more of the organisations have not taken this into their ongoing strategy plans.
Discussions and presentations with staff are vitally important, as is understanding their level of security comprehension, but many of the organisations were not changing and continually reviewing this process.
The use of different types of security technology by different parts of the organisation, without the understanding of the IT department, is a wide area of potential problems where the walls and gaps in the security are not being reviewed or sealed. So-called Shadow IT is a major problem for all organisations that do not clearly engage with and understand the security being employed by their own workforce.
Rogue employees are a growing problem for businesses that do not listen to and understand their employees’ concerns and issues. Internal attacks have grown considerably, and this needs to be taken very seriously by senior management.