Boardroom Cyber Watch 2013: survey results
Company directors see their own employees as the greatest threat to corporate data and computer systems. That is the view of 53 percent of respondents to ‘Boardroom Cyber Watch 2013’, an international survey of senior executive opinion conducted by IT Governance.
The threat from employees was ranked ahead of risks from criminals (27 percent), state-sponsored cyber-attackers (12 percent) and competitors (8 percent) by an international sample of 260 board directors, IT directors and other technology professionals polled by IT Governance in April and May 2013.
The survey confirms the high level of cyber-threat facing today’s organizations, with 25 percent of directors saying they have received a ‘concerted attack’ in the past 12 months. However, the true total may be higher, as over 20 percent are unsure if their organization has been subject to such an attack.
However, many board directors still appear inadequately informed about cyber-risks. While a majority of respondents say their board receives ‘regular’ reports on the status of their organization’s IT security, 52 percent say that such reports are received, at best, annually. Only 5 percent say reports are submitted daily, with 11 percent being submitted weekly and 33 percent monthly.
Furthermore, despite cyber-threats potentially impacting many mission-critical business operations, only 30 percent of respondents say an understanding of current IT security threats is a prerequisite for board-level job candidates.
Alan Calder, chief executive of IT Governance, says: “In the face of the rapid development and deployment of new cyber-threats, such infrequent executive oversight of IT security status seems alarmingly casual. Companies are not ignorant of the risks: 77 percent of bosses told us their organization has a method for detecting and reporting attacks or incidents. However, in the boardroom, many companies still appear too removed from the action for directors to meet their governance obligations.”
This lack of insight perhaps explains why boardrooms find it difficult to judge how much they should be investing in cyber security measures. A significant minority – over 40 percent – of respondents say their company is either making the wrong level of investment or are unsure if their investment is appropriate. A quarter of respondents admit to having lost sleep about their cyber security in the past year.
Yet the survey reveals the competitive advantages that flow from effective information security. Fully 74 percent of respondents say their customers prefer dealing with suppliers with proven IT security credentials, while 50 percent say their company has been asked by customers about its information security measures in the past 12 months.
‘Boardroom Cyber Watch 2013’ was conducted as an online survey by IT Governance. The 260 respondents represent organizations of all sizes, with revenues ranging from less than US$5m to more than US$500m. The sample is truly international: while the majority are from organizations based in the UK and United States, respondents from South America, Central Europe, Africa, the Middle East, Asia, Australia and New Zealand have also contributed.
•Date: 16th July 2013 • World •Type: Article • Topic: ISM