A study led by Dr Chris Brauer of Goldsmiths, University of London, with Nasdaq and cybersecurity company Tanium, found that a lack of accountability at board and executive levels and no clear focus on cybersecurity has contributed to systemic data vulnerability in global companies.
Some 1530 non-executive directors, Chief Information Officers (CIOs), and Chief Information Security Officers (CISOs) from across the US, UK, Germany, Japan and Scandinavia were surveyed for ‘The Accountability Gap: Cybersecurity and Building a Culture of Responsibility’ – the largest study of its kind.
While many people believe that cyber-security in the private sector is improving, the study’s findings indicate an alarming gap between presumed and actual corporate preparedness for cyber-security breaches.
The report explores cyber-literacy, accountability, response and the appetite for risk. Dr Brauer’s research team worked with a global panel of cybersecurity subject-matter-experts to define challenges that make up cybersecurity vulnerability and developed a statistical model for scoring readiness, awareness and vulnerability for these challenges and assessed through survey. A recurring theme is that while board members understand the importance of cyber preparedness, they widely lack the requisite knowledge of real time specific cyber threats and the possible actions that should be taken to mitigate risk.
Dr Brauer said: “What the report does is make visible the key contemporary leadership challenges around cybersecurity and benchmark the readiness and awareness for these challenges of the corporate leaders from a sampling of the world’s largest organisations. There is a lot of focus on cybersecurity risks in the public domain and we sought to inform and impact calls-to-action for organisations to increase cyber accountability and reduce vulnerability.”
In fact, the study found that most non-executive directors felt a hesitance even to speak up regarding their concerns on cybersecurity matters, as they didn’t feel knowledgeable enough on the subject to weigh in. Findings include:
– Every company is vulnerable to varying degrees of cyberattack, but 90pc of respondents’ organisations could be categorised as medium-to-high risk.
– Near all, 98pc of the most vulnerable companies’ non-executives directors and executives are not confident their organisations track all devices and users on the system at all times.
– 87pc of board members and executives at the most vulnerable companies don’t consider their malware, antivirus software and patches to be completely up-to-date at all times.
– The least vulnerable companies are 31pc more likely than the most vulnerable companies to have assessed the potential losses associated with cyberattacks.
About the research
It was directed by Dr Chris Brauer at the Institute of Management Studies, Goldsmiths, University of London and led by Dr Jennifer Barth and Dr Yael Gerson. Research assistance was provided by Alison Wilson, Ana Beatriz Alencar and Zainab Hammoud and graphics by Meng-Yao Chuang. For a copy visit http://offers.tanium.com/The_Accountability_Gap_Report.html.
