The ‘Boardroom Cyber Watch 2014’, conducted by IT Governance, also shows that 32.5 per cent of businesses say their boards receive no regular reports on how their organisation is developing and implementing its cyber defence strategy.
Nevertheless, there are signs of progress. While 38 per cent of respondents receiving a board report on cyber defences say this information is provided only annually or less frequently, the other 62 per cent receive it at least monthly. This is up from 48 per cent in last year’s study.
The survey also suggests that the quality of cyber-security reporting to the board is an area requiring improvement. Some 21 per cent of respondents believe that their company’s board reports fail to provide the information necessary to take decisions, with another 28 per cent unsure if adequate information is provided.
An additional area of concern is the quality of communication between the IT function and the board. In fact, 29 per cent believe that fear of retribution could be discouraging the IT department from fully disclosing details of cyber breaches to top management.
Alan Calder, Founder and Executive Chairman of IT Governance, says: “The lack of boardroom insight into cyber threats may partly explain the reluctance of some companies to give up outdated security goals. This situation is underlined by the fact that 38 per cent of respondents still say their objective is to prevent all cyber-attacks, an aspiration which will strike many information security professionals as unrealistic or even naive.
“While organisations need to defend themselves against potential attack, they must also accept that some attacks will inevitably succeed. Therefore, an organisation’s cyber resilience is now the critical survival factor – its ability to recover quickly once an attack has taken place. Ultimately, organisations seeking to implement effective cyber resilience need to utilise the best practice approaches offered by international cyber security and business continuity standards, coupled with staff training and other tools.”
By Shané Schutte