Home » Risk Management » ERM - Enterprise Risk Management

C-suite and CISOs must collaborate on cybersecurity

Data security officers should work more closely with other c-suite executives to improve strategies for prevention of cyber attacks, according to a report published by Accenture. Chief information security officers (CISOs) and chief information officers (CIOs) often have limited influence on cybersecurity strategy outside their departments, which is a problem in terms of developing a cohesive company-wide response to the threat of cyberattack.

The report, based on a survey of 1,400 c-level executives, found that almost three-quarters (73 per cent) agree that cybersecurity staff and activities need to be dispersed throughout all parts of the organisation, even though cybersecurity remains centralised in 74 per cent of companies.

New approach needed

The report states: “With the proliferation of more and more sensitive data, expanding connectivity, and the adoption of automated processes, new research from Accenture reveals that c-suite and IT decision makers need to embrace a different approach to cybersecurity to effectively protect against future cyber risks.”

It also found that fewer than one-third of CISOs and business leaders collaborate on a cybersecurity plan and budget. Securing the Future Enterprise Today – 2018 also found that only 25 per cent of non-CISO executives say business unit leaders are accountable for cybersecurity today and a similar number believe business unit leaders should be responsible in the future.

Cybersecurity on the front lines 

Accenture’s Omar Abbosh commented: “Cybersecurity strategy needs to be led by the board, executed by the c-suite and owned at the front lines of the organisation. It must be infused across all aspects of a company’s processes and systems, and built into the daily work activities of employees.”

Accenture's graph on the right shows that most c-level executives agree that a decentralised cybersecurity strategy would enhance prevention.

The report also highlights that:

  • Only half of respondents said all employees receive cybersecurity training upon joining the organization and have regular awareness training throughout employment.
  • Surprisingly, only 40 per cent of CISOs said establishing or expanding an insider threat program is a high priority.
  • Just 40 per cent of CISOs said they always confer with business-unit leaders to understand the business before proposing a security approach.

This item appears in the following sections:
Risk Management
ERM - Enterprise Risk Management
Green Corporate Treasury Department

Also see

Comments

No comment yet, why not be the first?

Add a comment