A survey by the Information Systems Security Association (reported on Cyber Security Intelligence, cybersecurityintelligence.com/blog/cyber-security-insights-for-executives-5483.html/) found that 58% of senior managers stated their organization's executive level commitment to cyber security was very good. The remaining 42% rated commitment as only satisfactory or worse.
Since cyber threats are continually evolving and any business regardless of size can be targeted, executive lack of attention to cyber security is dangerous.
Other signs of trouble in the survey:
- 56% of respondents said their organization did not provide the right level of cyber security training.
- 20% of cyber security professionals say the relationship with IT is fair or poor.
- 27% of respondents claim the relationship between cyber security and the business is fair or poor.
To plan properly for cyber security, executives need an incident response plan, a designated response team and leader, and enough resources and external partners. The first 24 hours after a breach are critical.
Cyber security needs to consider both external and internal threats. 43% of data breaches come from inside organizations, by sharing files or passwords and clicking on malicious links. Every employee from CEO to receptionist must be concerned about cyber security.
Executives need to create a work environment that is vigilant and proactive.