About 53% of company bosses believe that the main threat to corporate data and computer system loss come from a company’s own employees, rather than external attackers, such as cyber criminals and hackers, according to new research.
The research, Boardroom Cyber Watch 2013, revealed that about 27% of respondents believed cyber criminals and hackers are the next biggest risk to cyber security, while 12% reported that state-sponsored cyber-attackers are the primary threat. Some 8% considered competitors responsible for data loss.
IT Governance CEO Alan Calder said in the face of the rapid development and deployment of new cyber-threats, such infrequent executive oversight of IT security status seems alarmingly casual.
"Companies are not ignorant of the risks: 77% of bosses told us their organisation has a method for detecting and reporting attacks or incidents," Calder said.
"However, in the boardroom, many companies still appear too removed from the action for directors to meet their governance obligations."
About 25% of surveyed bosses said they had faced a ‘concerted attack’ in the past 12 months, while over 20% were unsure if their business had been subject to such an attack.
Another 52% said that their board receives ‘regular’ reports on the status of their organisation’s IT security, while just 5% said reports were submitted daily, with 11% being submitted every weekly and 33% on a monthly basis.
Only 30% of survey respondents said that those at board level have an understanding of current IT security threats.
According to Calder, organisations can reveal that they comply with the ISO 27001 security standard, including the data protection.
"The best way for organisations to prove their cyber security credentials is to comply with, and be certificated against, ISO 27001, the global best practise standard for information security management," Calder said.
"This lets you signal to customers anywhere in the world that you have a robust method for addressing the entire range of risks associated with systems, people and technology.
"ISO 27001 is no secret: 87% of our respondents tell us they are aware of it. However, only a tiny minority of businesses have so far been certificated to the standard, so most are denying themselves an advantage their customers are telling them they want."
