IBM Security has just released a new study, which reveals that the C-Suite are not aligned on how to combat cyber criminals. While 77% of Chief Risk Officers (CROs) and 76% of CIOs/CTOs report that their firm’s cyber security strategy is well established, just 55% of CFOs and 51% of CEOs report the same.
The report, "Securing the C-Suite, Cybersecurity Perspectives from the Boardroom and C-Suite," also found that while 50% of CEOs agreed that collaboration is necessary to combat cyber crime, just one third of them were willing to share their organisations’ cyber security incident information externally, with 68% reluctant to do so.
This is in direct contrast to the growing collaborative ability of cyber criminals operating and sharing information on the dark web.
It also found that 70% of C-Level executives think rogue individuals make up the largest threat to their organisations, despite a major UN report from 2013 highlighting strong evidence to the contrary.
Its Comprehensive Study on Cybercrime found that "upwards of 80 per cent of cybercrime acts are estimated to originate in some form of organised activity, with cybercrime black markets established on a cycle of malware creation, computer infection, botnet management, harvesting of personal and financial data, data sale and 'cashing out' of financial information."
"The world of cybercrime is evolving rapidly but many C-Suite executives have not updated their understanding of the threats," said Caleb Barlow, Vice President, IBM Security.
Due to the sensitive data that they manage, Marketing, Human Resources, and Finance are key targets for cybercriminals. Despite this, IBM Security found that around 60% of CFOs, CHROs, and CMOs accept that they and their divisions are not actively engaging in cyber security strategy and execution.
Indeed, only 57% of CHROs said that they have rolled out cyber security training for employees, which many cyber security experts highlight as critical for improving a firm’s cyber security ability.
"While CISOs and the Board can help provide the appropriate guidance and tools, CxOs in Marketing, Human Resources, and Finance, some of the most sensitive and data-heavy departments, should be more proactively involved in security decisions with the CISO," said Caleb Barlow.
While C-Level executives do seem to understand the scale of the threat, with nearly all of those surveyed (94%) believing there is some probability that their firm will experience a significant cyber security incident in the next two years, only 17% feel prepared and capable of responding to these threats.
The C-Suite thinks that employee-furnished mobile devices are the biggest cyber security threat, at 57%, closely followed by social media and channel systems at 54%. Applications are also a major cause of concern, with both enterprise mobile applications and cloud-based applications viewed as the riskiest part of IT infrastructure by 47%. This is followed by vendor/partner system integration points (42%), and data/analytics applications (38%).
The survey took in the views of over 700 C-Level executives from 28 countries, across 18 industries.