Bitglass Report: “Leading companies failing to demonstrate commitment to cyber security”

Bitglass has published its latest report entitled ‘The Cloudfathers: An Analysis of Cyber Security in the Fortune 500’. To discover whether or not the world’s leading companies are committed to enhancing their cyber security initiatives, the company researched the members of the 2019 Fortune 500 and analysed public-facing information such as what’s available on their websites.

The Cloudfathers report found that 77% of the Fortune 500 make no indication on their websites about who’s responsible for their security strategy. Additionally, 52% don’t have any language on their websites about how they protect the data of customers and partners (beyond a legally required privacy notice).

The results demonstrate that most organisations lack an authentic and lasting commitment to cyber security, with certain industries being less security-conscious than others. As breaches continue to cost brands millions, incite executive turnover, decrease stock prices and harm countless stakeholders, it’s crucial that organisations appoint relevant leadership and prioritise proper cyber security.

Other key findings of the research are as follows:

* 38% of the 2019 Fortune 500 don’t have a Chief Information Security Officer (CISO)
* Of this 38%, only 16% have another executive that’s listed as being responsible for cyber security strategy
* Of the 62% that do have a CISO, only 4% have them listed on their company leadership pages

The transportation industry is the most security-conscious of the traditional verticals, with 57% of its companies listing an executive as being responsible for cyber security strategy. The aerospace industry (33%) and the insurance industry (30%) come in second and third respectively.

No less than 89% of organisations in the aerospace industry have information available on their websites about how they’re protecting the data of customers and partners. Aerospace is followed by finance (72%) and technology (66%).

No hospitality companies list an executive who’s responsible for cyber security strategy. The manufacturing and telecommunications industries follow closely behind at 8% and 9% respectively.

Within each of the construction, oil and gas and hospitality industries, only 25% of organisations have information on their websites about how they protect customer and partner data.

“Corporate Social Responsibility initiatives have made it on to the websites of the Fortune 500, but research has shown that the same level of importance isn’t being given to publicly demonstrating a commitment to cyber security initiatives,” said Anurag Kahol, CTO at Bitglass. “Lax security and its resulting breaches have long-term repercussions for organisations as well as their customers, shareholders, partners and other stakeholders. Members of the Fortune 500 should be focused just as much on protecting personal data and consumer privacy as they are on other areas of social responsibility.”

*To learn more about the current state of cyber security commitment among the 2019 Fortune 500, download the full report here: https://pages.bitglass.com/CD-FY19Q3AnAnalysisofCybersecurityintheFortune500_LP.html

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
