The cybersecurity “accountability gap” is growing: 40 percent of executives admitted they didn't feel responsible for the impact of a cyberattack, and a lack of understanding of cybersecurity could be a contributing factor, according to a study commissioned by endpoint security firm Tanium and the NASDAQ.
The study, The Accountability Gap: Cybersecurity and Building a Culture of Responsibility, surveyed 1,530 non-executive directors, C-level executives, Chief Information Officers, and Chief Information Security Officers from around the world.
“Executives generally don't feel they have an important role in information security, believing it to be a problem for their IT and security teams,” Tanium Chief Security Officer David Damato said in comments emailed to SCMagazine.com.
He went on to say that cybersecurity should be something for which all executives feel responsible.
The survey found that more than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack.
In addition, the report found only 10 percent of respondents agreed that they are regularly updated with information about the types of cybersecurity threats to their business.
The survey found only 9 percent said their systems were updated regularly in response to new cyber threats.
To help executives gain better insight into the cybersecurity of their firms, Damato said they should be “armed with meaningful metrics and educated on how to interpret this information” to ensure they can assess cybersecurity risk as easily as they can assess financial risks.
Unfortunately, many executives have a false sense of security and aren't working to mend the accountability gap this creates, as many aren't even aware the gap exists, Damato said.
The study also found that 98 percent of the high vulnerable executives, which the report defines as those with a low awareness of the actions required to obtain good cybersecurity posture, are not confident their organization tracks all devices and users on their system at all times. Of that same group, 87 percent also noted that they did not consider their anti-malware solutions or patches to be current.
Damato said the general public has the perception that basic security measures have been achieved “while in reality, companies with a high or moderate risk of a breach are unable to execute on even these fundamental aspects of information security.”
To reduce organizations' vulnerability and close the accountability gap, researchers recommend that firms educate the entire staff, starting with the board, on cybersecurity issues “and innovate continuously with cybersecurity in mind.”
“Open communication and accountability at all levels is key to a successful culture of responsibility, and these actions can serve as a north star for developing a holistic security posture that ensures your people, processes, and technology are set up for success,” the study said.