Risk is reported as being the principal area of training for the whole board in the last 12 months, due to the continuing fall-out from the financial crisis, and fuelled by constant media reports of failings inside companies. That is according to the FT–ICSA Boardroom Bellwether, a twice-yearly survey which seeks to gauge the sentiment inside UK boardrooms. The aim is to develop a business barometer.
On a risk-related question, 93 per cent of respondents felt that board positions – both executive and non-executive – now carried a higher level of reputational risk than five years ago.
Against this background, it is noteworthy that almost all boards think their company’s specific exposure to cyber risk is increasing, yet only 21pc of companies have taken action and significantly mitigated the risk. Boards do not appear to be giving this high-profile and increasingly visible risk the attention it requires: only 13pc of boards have discussed and acted on the Government’s published Cyber Security Guidance, and around 75pc report that boards had either not discussed or not even seen this guidance.
For the full results of this survey, go to www.icsaglobal.com/bellwether.
Follow the debate at www.ft.com/bellwether.
The next survey, FT–ICSA Boardroom Bellwether 4, will take place in November 2013.
Stephen Midgley, Vice President, Global Marketing at Absolute Software
“With every corporate device acting as a potential gateway into a business’ infrastructure, cyber security provisions must extend beyond the firewall. If an employee is using their own device and it happens to contain malware or unauthorised applications, then this can represent a security vulnerability. The kind of external hacking attacks that the survey discusses are only one of the ways that third parties can gain illegal access to sensitive data. Given that a work-enabled smartphone or tablet has access to as much sensitive data as a desktop PC, a compromised portable device could pose as much of a threat as a successful hacking attack.
“Successful security policies need to offer a holistic approach, encompassing all potential security risks. These measures have to be able to respond to the threat that each device and end-user presents, and be able to act as soon as a device becomes a security risk. Whether this is through unauthorised applications or device usage, data security threats don’t just stop at cyber-security hacking risks. However, the challenge for businesses is to give employees the freedom to use their own devices, but without compromising security and productivity.”
And Andrew Mason, Technical Director and co-founder of security and compliance company, RandomStorm, said, “SMBs are likely to have fewer IT specialists on the staff. Therefore, there is limited resource to manage the risk to the SMB network. Organised criminals have recognised this fact and we have seen an increase in cyber attacks on smaller businesses in the last three years. Criminals will go for the easiest targets.”