What CEOs Don’t Know About Cybersecurity

August 4th, 2009 by David

While most executives agree that cyber security is important, a recent study by the Ponemon Institute has highlighted how executive teams are operating with a different set of assumptions. Most telling is that many CEOs are operating in ignorance of their company’s data breach risks.

CEOs see the importance of security

According to this study, which was released in July by the privacy-focused Ponemon Institute, companies’ chief executives tend to value cybersecurity just as highly as, if not more highly than, their executive colleagues. This is in sharp contrast to many technical executives who state that getting the CEO to focus on security issues is a challenge.

CEOs underestimate the occurrence of security issues

But another survey result helps to explain this: CEOs, compared to other senior executives, tend to underestimate the frequency of cyberthreats their organization faces. Among the respondents, just 17% of CEOs said their company faced attempts to steal data at least once every hour, compared with 33% of other executives. Nearly 50% of CEOs said their company experienced an attack “rarely”–less than once a week–while most other senior executives believed this rate of attack/risk to be much higher.

So, CEOs believe in data security – but they don’t realize just how many detailed security issues there are. This highlights why it is a challenge for many IT leaders to get the prioritization and funding that they want for security issues.

Study hints at how often cyber threats aren’t communicated to the boss

However, the reality is that the IT leaders are probably to blame for this disconnect. It’s likely that IT executives don’t always report the full extent of a company’s data risks. “Even in the most transparent of companies, there’s a bit of hesitance to give the CEO a report of vulnerabilities or even small breaches,” says Ponemon. “We don’t know how much filtering of bad news happens that keeps CEOs from hearing some of the darker secrets.”

Companies with the best digital security have CEO buy-in

Mr T. Bill, CEO of ORC Software, recently told us that “It was of course natural for me to protect the information on our laptops. To download and install Alertsec Xpress via the web was both easy and quick.” Likewise, Mr N. Vinberg, CEO of Björn Borg, was quoted as saying “Securing our information on laptops as a service gives us great flexibility.” Vinberg added that “Alertsec Xpress has found the ultimate way of deploying the protection via the web. To sum up it is an easy and flexible and cost effective solution for our organization.”

The Ponemon survey did not ask the question “Do you know how your own computer or laptop is secured?”  Executives who know the answer to that question reflect an organizational culture where all employees are trained about data encryption and the reality of security issues.

Security is not always a fun topic, but it’s a necessary topic.  In the best secured companies the IT leaders are honest and in sync with the rest of the executive leadership.
