CEOs’ Cyber Ignorance Costing Firms Dear
CEOs' lack of awareness of and engagement with cybersecurity could be placing their organizations at unnecessary risk of attack, according to new findings from RedSeal.
The security vendor polled over 500 IT professionals in the UK to better understand the cyber-risks posed by business leaders.
Over half (54%) said they don’t believe their CEO follows correct security procedure and in so doing is potentially exposing their organization to compromise. Over a third (38%) weren’t sure what technology their CEO used at home, with the majority (95%) claiming to be concerned that home smart devices could be hacked.
Over one in 10 (11%) respondents claimed that CEO or senior managers’ actions had put corporate security at risk, and three-quarters (75%) argued that their CEOs should pay more attention to cybersecurity in the future.
However, poor security policies and processes also seem to be to blame: 14% of UK CEOs still haven’t had any security training, while only 29% of respondents said they provide a daily cyber-report to their boss. A quarter (26%) said they only report major breaches to the CEO, perpetuating disengagement from cyber-related issues at the highest level.
In reality, cyber matters to CEOs as breaches could have a major impact on the bottom line and corporate reputation. Following a major incident, a third of respondents said they lost customers, 34% said it damaged reputation and over a fifth (23%) lost revenue.
“CEOs have wide access to their organization’s network resources, the authority to look into most areas, and frequently see themselves as exempt from the inconvenient rules applied to others. This makes them ideal targets,” argued RedSeal CTO, Mike Lloyd.
“The internet is a dangerous place where new security threats can evolve and rapidly mutate. Perfect defense is illusory; in a complex and interdependent world, some attacks are bound to succeed. Organizations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”
Source: Information Security Magazine