Security Magazine: Almost Half of Boards Lack Real Understanding of Cyber Threat

A new survey found that 45 percent of cybersecurity professionals believe their board of directors has a major gap in its understanding of cyber risk, or simply doesn’t understand the risk at all.

This is despite more than half of boards being ultimately accountable for the cyber strategy, according to the second annual Harvey Nash / PGI Cyber Security Survey, representing the views of almost 200 senior cybersecurity professionals.

The survey also reveals that lack of cyber risk awareness affects the senior executive team: one third of cyber professionals (33%) believe their CEO has major knowledge gaps and almost half (49%) believe the same of their CFO. CMOs, many of whom have increasing responsibility for customer data and for driving customer-facing digital strategies, were also rated poorly in the survey, with 43% of cyber professionals believing they had major knowledge gaps, and one in ten (11%) believing they had no cyber risk awareness at all.

The top three factors holding back the cybersecurity strategy were: Budget (selected by 57%), Security aware culture (49%) and Understanding of the real threat (43%).

Brian Lord, Managing Director, PGI Cyber commented: “Cybersecurity is as much about people as it is about technology. Whilst there is no doubt many boards are asking more questions about cybersecurity than they did five years ago, it is clear that there is much more to do to make organizations fully aware and prepared for risk management in a digital world.”

Stephanie Crates, Head of Information Security Practice – London, Harvey Nash, added: “Whilst it’s true to say cyber professionals enjoy greater demand for their skills now than they have ever had before, it is also true to say the nature of that demand has changed. Increasingly companies are looking for people who are able to influence, persuade and educate as much as they can design, build and test. The image of a cyber professional as a ‘techie geek’ is, if it were ever true, a thing of the past.”

Originally published on Security Magazine