27/Jun/2019
A new global study of senior executives revealed a wide range of issues faced by UK and US boardrooms in the war on cyber crime. Among the outstanding findings were that the vast majority of C-level executives believe that while a cyber security breach is inevitable, a significant number believe that they lack the resources – and the knowledge – to fight back.
Titled Trouble at the top: The boardroom battle for cyber supremacy, the research surveyed more than 400 C-suite executives from enterprises across the UK and USA, each overseeing businesses with over 8,000 employees. The study was produced by Nominet, domain name administrator for .uk and published at the beginning of June.
Among the findings, 90% of business leaders feel they lack at least one resource necessary to defend against a cyber attack and 71% of C-suite members concede a number of knowledge gaps; the most prevalent being a lack of knowledge around malware (78%). One-third (33%) of those surveyed state that they would fire an employee who caused a data breach.
AI and machine learning may be gaining a level of maturity where they can play an increasing role in cyber security, but the human factor remains a key, often weak element. However, the problem goes deeper than that and often mitigates against a secure and effective cyber security strategy. Senior management is often reluctant to accept advice (46%); there may be a lack of budget (44%), and there may be a lack of people resources (41%).
Board level executives – and boards themselves – are often unsure of who might be first in line regarding an immediate response to a data breach. More than a third (35%) believed that the CEO is in charge of the business’ response to a data breach. Just under a third (32%) said it is down to the CISO.
A majority (71%) of C-suite executives conceded possible gaps in their knowledge when it comes to some of the main cyber threats currently facing businesses. The most common gap concerned malware (78%), which is particularly worrying, given that 70% of businesses admit to having found malware hidden on their networks for an unknown period of time – in some cases, for over a year.
The full report is now available from Nominet.
