The BCI

Boards of directors lack understanding of the cyber risk

News   •   Jan 27, 2016 10:30 GMT

45% of cyber security professionals believe their board of directors has a major gap in its understanding of cyber risk, or simply doesn’t understand the risk at all. This is despite over half (54%) of boards being ultimately accountable for the cyber strategy, according to a new study by Harvey Nash and PGI Cyber.

The Cyber Security Survey also revealed that one third of cyber professionals (33%) believe their CEO has major knowledge gaps and almost half (49%) believe the same of their Chief Finance Officer. Chief Marketing Officers, many of whom have increasing responsibility for customer data and for driving customer-facing digital strategies, were also rated poorly, with 43% of cyber professionals believing they had major knowledge gaps, and one in ten (11%) believing they had no cyber risk awareness at all.

Whilst most cyber professionals feel their organisations have the basics covered, 85% still think there is more to do, and one quarter (26%) believe there is significantly more work to do. Unsurprisingly, it is a lack of finance that is holding cyber security back, with 57% of respondents citing this as a reason for any gaps, while a lack of security-aware culture (49%) and a lack of understanding of the real threat (43%) were also highlighted.

Understanding of the threat is very high among business continuity professionals according to the latest Horizon Scan Report published by the Business Continuity Institute. 82% of respondents to a global survey expressed concern about the possibility of a cyber attack and 74% expressed concern about a data breach occurring.

Brian Lord, Managing Director, PGI Cyber, commented: “Cyber security is as much about people as it is about technology. Whilst there is no doubt many boards are asking more questions about cyber security than they did five years ago, it is clear that there is much more to do to make organisations fully aware and prepared for the challenges of an increasingly global and digital world.