Confusion Reigns as C-Suite Bemoans Lack of Security Resources

Written by

Most C-level executives believe their organization is more exposed to potential security breaches because it lacks crucial technical, financial or human resources, according to new research from Nominet.

The .uk registry, which also offers DNS security services, polled 400 C-level executives in the UK and US to reveal boardroom attitudes to security risk.

Although most (76%) now understand that a breach is inevitable, 90% believe they’re missing something that would help mitigate cyber threats. These include advanced technology (59%), lack of budget (44%) and lack of staff (41%).

Another challenge highlighted by respondents was senior management reluctant to accept advice (46%).

In fact, knowledge and responsibility gaps at the top could be severely hampering organizations’ ability to respond to such threats. There’s confusion over who is responsible for breach response, with over a third of respondents (35%) claiming it’s the CEO, while 32% pointed to the CISO. The vast majority of respondents (71%) also admitted to having gaps in their knowledge, especially about malware (78%).

There’s also confusion over breach reporting. Although 70% said incidents are initially reported to the security team, 61% do so to the executive team and 40% to the board. A third of CEOs even claim they would fire any employee responsible for a breach, despite the admission that such incidents are inevitable.

Only half of CISOs feel valued by the board in terms of brand and revenue protection, with 18% believing the board thinks they’re an inconvenience. However, over half (52%) of directors said their CISO is a “must have.”

This confusion could be responsible for the moderate to high stress levels that most (91%) CISOs experience, damaging the mental health of over a quarter (27%), according to separate findings from the same research released by Nominet in February.

“This research is very much a case of ‘the good, the bad, and the ugly.’ It’s good to see that business leaders are aligned on the fact that cyber-attacks are pretty much an inevitable part of working life. Acceptance is the first step to protection. There’s also a dedication to keeping customer and client data safe,” argued Nominet CEO, Russell Haworth.

“But the bad comes with the power struggle at the top, with confusion over who should actually take responsibility in case of a data breach or cyber-attack, which is detrimental to the safety and security of the business. And the ugly is how CISOs feel within their organization.”

What’s hot on Infosecurity Magazine?