
Why one in three CEOs would fire the person responsible for a breach - Nominet

04 Jun 2019

Nominet releases its report "Trouble at the top: The boardroom battle for cyber supremacy", which reveals the attitudes of enterprise boards towards cyber attacks. It highlights a number of knowledge gaps, a lack of resources, and disagreements and discrepancies about who is actually in charge of responding to a breach.

The research surveyed more than 400 C-suite executives from enterprises across the UK and USA, each overseeing businesses with over 8,000 employees.

Facing the inevitable

The threat to businesses’ cybersecurity is at a critical level, as more than three-quarters (76%) of C-level executives say that a cybersecurity breach is inevitable.

Despite this acceptance, the majority (90%) of respondents believe their company is missing at least one resource that would help them defend against a severe cyber attack - with the most common missing component being advanced technology (59%).

However, the problem goes deeper than that. There are more human factors at play, with senior management reluctant to accept advice (46%), a lack of budget (44%), and a lack of people resources (41%). All three are considered to be major components of a secure and effective cybersecurity strategy.

Who rules the roost?

There is also confusion at the board level as to who is ultimately responsible for the immediate response to a data breach. More than a third (35%) of those surveyed believe that the CEO is in charge of the business’ response to a data breach - with nearly a third (32%) saying it’s down to the CISO.

Despite this, the majority (71%) of the C-suite concede that they have gaps in their knowledge when it comes to some of the main cyber threats facing businesses today, the most common of which was malware (78%). This is alarming, given the fact that 70% of businesses admit to having found malware hidden on their networks for an unknown period of time - in some cases, for over a year.

When a security breach does happen, in the majority of businesses surveyed, it’s first reported to the security team (70%) or the executive/senior management team (61%). In less than half of cases is it reported to the board (40%).

This could be because of an uncomfortable truth: one-third of CEOs state that they would terminate the contract of those responsible for a data breach.

A lack of collaboration

Once a breach has occurred, there are discrepancies regarding collaboration at the top when it comes to resolving the issue. When surveyed, more than half (54%) of CISOs said they would receive assistance from other members of the C-suite. Conversely, nearly two-fifths (38%) of those board members say they would work with the security team to solve a cybersecurity issue.

This confusion may be a factor in the way that CISOs feel about their role in the workplace. Just half of CISOs say they feel valued by the rest of the executive team from a revenue and brand protection standpoint. Perhaps more worrying is the fact that nearly a fifth (18%) of CISOs say they believe the board is indifferent to the security team or even see them as an inconvenience.

In reality, support for CISOs is actually higher than they may realise. CISOs perceive that just 52% of their board of directors sees them as a ‘must have’, but the reality is that three quarters (76%) of C-level executives feel that way.

And while this may be the case, the feeling of not being valued is having a damaging effect on the CISO. Over a quarter (27%) said the stress of their job is impacting their physical or mental health. Just as worryingly, nearly a quarter (23%) admitted that the job had also affected their personal relationships. As more of a professional concern, 28% of CISOs also admit that stress levels are having an adverse effect on their ability to do their job.
