“Most big businesses not prepared for cyber attacks” finds global corporate governance research

New research led by Goldsmiths, University of London indicates that 90% of global corporations are at serious risk of cyber attack, while the majority of big business leaders are not confident that they’re prepared for such an event.

An independent study led by Dr Chris Brauer in collaboration with Nasdaq and leading cyber security company Tanium finds that a lack of accountability at Board and executive levels coupled with no clear focus on cyber security has contributed towards “systemic data vulnerability” in global companies.

Some 1,530 non-executive directors, Chief Information Officers and Chief Information Security Officers from across the US, the UK, Germany, Japan and Scandinavia were surveyed for ‘The Accountability Gap: Cyber Security and Building a Culture of Responsibility’, which is said to be the largest study of its kind ever conducted.

While many commentators believe that cyber security in the private sector is improving, the study’s findings indicate an alarming gap between presumed and actual corporate preparedness for cyber security breaches.

The report explores topics such as cyber literacy, accountability, response and the appetite for risk. Dr Brauer’s research team worked with a global panel of cyber security subject matter experts to define the challenges that make up cyber security vulnerability, developed a unique statistical model for scoring readiness, awareness and vulnerability for these challenges, and assessed them through the survey.

Lacking the requisite knowledge

A recurring theme is that, while company Board members understand the importance of cyber preparedness, they widely lack the requisite knowledge of real-time specific cyber threats and the possible actions that should be taken in order to mitigate risk.

“What the report does do is make visible the key contemporary leadership challenges around cyber security and benchmark the readiness and awareness for these challenges of the corporate leaders from a sampling of the world’s largest organisations,” said Dr Brauer.

“There’s a good deal of focus on cyber security risks in the public domain, and we sought to inform ‘Calls to Action’ for organisations such that they might increase cyber accountability and reduce vulnerability.”

In fact, the study finds that the majority of non-executive directors are hesitant even to speak up about their cyber security concerns because they don’t feel adequately knowledgeable on the subject.

Some of the key study findings are as follows:

* Every company is vulnerable to varying degrees of cyber attack, but 90% of respondents’ organisations could be categorised as medium-to-high risk

* 98% of the most vulnerable companies’ non-executive directors and executives are not confident their organisations track all devices and users on the system at all times

* 87% of Board members and executives at the most vulnerable companies don’t consider their malware, antivirus software and patches to be completely up-to-date at all times

* The least vulnerable companies are 31% more likely than the most vulnerable to have assessed the potential losses associated with cyber attacks

The research was directed by Dr Chris Brauer at the Institute of Management Studies, Goldsmiths, University of London and led by Dr Jennifer Barth and Dr Yael Gerson. Research assistance was provided by Alison Wilson, Ana Beatriz Alencar and Zainab Hammoud.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
