Boards and executives are paying dramatically more attention to cyber security risk management, according to a new global study developed by the Georgia Tech Information Security Center (GTISC).
According to the survey results, boards and executives have been making concerted efforts to address cyber risks since 2008.
Some highlights of the report are as follows:
- Cyber security has risen to become one of the top boardroom issues, with nearly two-thirds (63%) of survey respondents actively addressing computer and information security, up from 33% in 2012.
- Most boards (53%) have established a Risk Committee separate from the Audit Committee, up from 8% in 2008. The Risk Committee has now taken over responsibility for oversight of cyber risk from the Audit Committee.
- Boards today are paying a great deal more attention to cyber insurance coverage: 48% of respondents said that their boards were focusing on cyber insurance, up from 28% in 2012.
Boards are also placing a much higher value on risk and security experience when recruiting board directors: 59% of respondents said their board had a new director with risk expertise, and nearly a quarter (23%) had one with cyber security expertise.
“It's excellent to see that corporate executives are dramatically increasing efforts to manage cyber risks. Hence, establishing an appropriate dialogue between technical experts and the executives who will prioritize resources is essential to effectively secure an organization. However, this increased attention must be coupled with appropriate action to apply the right combination of people, technology and processes to secure computing environments. It starts with establishing a breach prevention mindset. This study provides a basis for organizations around the globe to start having more discussions on just how to achieve this,” said Ryan Gills, Vice President of Cyber Security Strategy and Global Policy at Palo Alto Networks.
The report compares survey results across critical infrastructure sectors and geographic regions, and indicates that all industry sectors increased attention to cyber issues at the board and executive levels.
Key points include:
- The financial sector far exceeded other industry sectors, with 86% having a board Risk Committee, followed by the IT/Telecom sector at 43%.
- North American and European boards are paying significantly more attention to cyber risks (85% and 58% respectively, up from 40% and 19%), while Asian boards showed no increase in attention to these issues (38% in 2012 and 2015).
- North American board attention to cyber insurance doubled from 2012 (70% in 2015 vs 35% in 2012). European boards had a 26% increase, whereas Asian boards showed a 3% increase.
- Most Asian boards (98%) have a Risk Committee, whereas only 43% of European boards and 42% of North American boards have one.
- The Industrial and Financial sectors showed the largest increase in attention to cyber issues, and all sectors showed marked improvements in engaging in best practice activities to manage cyber risks.
There is still room for improvement. The study shows key challenges that remain in some critical areas:
- It is still common for CISOs to report to CIOs (40%), even though that reporting structure can create segregation of duties issues.
- While 63% of respondents said their board regularly or occasionally reviewed their annual security program, only 45% occasionally reviewed their annual security program, only 46% said they had participated in a test scenario of the plan.
- Boards need to ensure that their organization’s security teams have the resources necessary to protect their digital assets, yet only 50% of the respondent boards are reviewing security budgets.
The survey polled board directors and executives from Forbes Global 2000 companies, and the report compares the results with those from three previous surveys that were conducted in 2008, 2010 and 2012.