Talking the Talk, but not Walking the Walk?

What happens when an organisation’s CEO doesn’t take the matter of cyber security seriously? Lawsuits, lost customers, fines and damaged reputations are just some of the results.

Fortunately, there are signs that the message is getting through to boards and CEOs.

A recent study showed that two-thirds of boards and CEOs now have direct oversight of cybersecurity, up from the figure recorded in 2017.

Budget approvals also showed signs of improvement, with boards now approving 59%, a strong improvement from the 33% recorded in the previous year.

Busting the Myths

The Cyber Security Breaches Survey 2018 shows that culture varies widely across organisations. Many of the common cyber ‘myths’ persist in organisations that believe they operate offline, such as ‘We’re too small to be a target’ or ‘We have nothing to steal’.

This mentality leads them to invest less in cybersecurity, which in turn makes them more vulnerable. On the flip side, organisations that do the majority of their business online were shown to be relatively cyber-savvy.


Engagement is key

Confidence in implementing an incident plan and delivering an effective response to a cyber-attack also comes from the top. Establishing an open culture where chief information security officers (CISOs) and IT teams can openly discuss the threats the organisation faces will avoid instances where poor security is hidden from the board.

CISOs and IT teams working in a hostile culture may hide issues for fear of losing their positions, only adding to the problems an organisation may face. As a result, those assigned to tackle the threats and ensure the security of an organisation may become frustrated by a CEO and board that either don’t understand or don’t care about the issue. The CEO, on the other hand, may believe that security is a technical issue, resulting in each side blaming the other.

If the CEO and the board take the cyber threat seriously, then cyber awareness is likely to be more prevalent throughout the business. Organisations with informed leadership are much more likely to send employees on cyber awareness training and promote a cyber-aware culture.

Despite the positive signs that boards and executives are taking cybersecurity seriously, there are signs that many are talking the talk but not walking the walk. 90% of organisations expect investment in cybersecurity to increase over the next few years, but only 31% of those same organisations believe that the increased investment will be significant or sufficient.

For further reading visit –

https://www.xqcyber.com/cyberscore/show/what-makes-a-good-incident-response-plan

https://www.xqcyber.com/cyberscore/show/racing-the-risk

https://www.xqcyber.com/cyberscore/show/changing-attitudes-to-cybersecurity-and-cybercrime

With CyberScore™ an organisation can improve their security without it costing them the Earth. It costs nothing to scan a network and generate a score, which you can do as often as you like and just £1 per analysed for all three in-depth reports.

Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com/cyberscore and if you want to give yourself the very best protection against cyber security threats try out CyberScore™ for free now!
