Security Pros ‘Prefer’ Root Canal Surgery Over Informing Board of Breaches

Security Pros 'Prefer' Root Canal Surgery Over Informing Board of Breaches

Almost half (44%) of security professionals would rather have root canal surgery than make the dreaded walk of shame to the boardroom to explain that they’ve suffered a data breach, according to results from a survey carried out by malware protection firm Lastline at Infosecurity Europe 2017.

Lastline polled 326 information security professionals during the conference at London’s Olympia earlier this month and revealed the severity with which all organizations—regardless of size or industry—treat the prospect of a data breach..

“The fact that nearly half of cybersecurity professionals would prefer to undergo a painful dental procedure than face their board about a data breach just shows how seriously these attacks affect organizations today.

“On a more positive note, it does show that cybersecurity has risen up the board’s agenda,” he added.

Concerns have been raised for some time about how high up the priority list cybersecurity and data protection has been for boards within organizations, but it would appear that the unprecedented levels of data loss seen over the last 12-18 months has made information cybersecurity a top concern for all corners of a company.

Speaking to Infosecurity Steve Durbin, managing director, Information Security Forum, said that the realities of operating in cyber space is that at some point things will go wrong—and that could mean a breach or loss of personal data.

“With regulators tightening their focus in this area, and with GDPR this will only increase, boards are at last beginning to realize that they have a key role to play in ensuring the security of the business,” he explained.

However, in many cases we are still a long way off the level of mutual trust and understanding required to ensure that cybersecurity is aligned with corporate strategy, Durbin added.

“Security leaders need to continue to develop their relationship with the board to explain, in business language, the implications of certain actions and the requirements for good cyber-hygiene across the business. This requires the commitment of the business and security to work collaboratively.

“Nobody likes to deliver bad news to the board, and let's face it, boards are not eager to hear such news, but a closer relationship based on regular updates and sharing of steps being taken to align security with strategic business direction will at least ensure a higher degree of understanding in the boardroom that whilst a breach of some nature may be inevitable.”

Source: Information Security Magazine