New research led by Goldsmiths, University of London indicates that 90% of global corporations are at serious risk of cyber attack, while the majority of big business leaders are not confident that they’re prepared for such an event.
An independent study led by Dr Chris Brauer in collaboration with Nasdaq and leading cyber security company Tanium finds that a lack of accountability at Board and executive levels coupled with no clear focus on cyber security has contributed towards “systemic data vulnerability” in global companies.
Some 1,530 non-executive directors, Chief Information Officers and Chief Information Security Officers from across the US, the UK, Germany, Japan and Scandinavia were surveyed for ‘The Accountability Gap: Cyber Security and Building a Culture of Responsibility’, which is said to be the largest study of its kind ever conducted.
While many commentators believe that cyber security in the private sector is improving, the study’s findings indicate an alarming gap between presumed and actual corporate preparedness for cyber security breaches.
The report explores topics such as cyber literacy, accountability, response and the appetite for risk. Dr Brauer’s research team worked with a global panel of cyber security subject matter experts to define the challenges that make up cyber security vulnerability, developed a unique statistical model for scoring readiness, awareness and vulnerability for these challenges, and assessed them through the survey.
Lacking the requisite knowledge
A recurring theme is that, while company Board members understand the importance of cyber preparedness, they widely lack the requisite knowledge of real-time specific cyber threats and the possible actions that should be taken in order to mitigate risk.
“What the report does do is make visible the key contemporary leadership challenges around cyber security and benchmark the readiness and awareness for these challenges of the corporate leaders from a sampling of the world’s largest organisations,” said Dr Brauer.
“There’s a good deal of focus on cyber security risks in the public domain, and we sought to inform ‘Calls to Action’ for organisations such that they might increase cyber accountability and reduce vulnerability.”
In fact, the study finds that the majority of non-executive directors are hesitant even to speak up about their cyber security concerns because they don’t feel adequately knowledgeable on the subject.
Some of the key study findings are as follows:
* Every company is vulnerable to varying degrees of cyber attack, but 90% of respondents’ organisations could be categorised as medium-to-high risk
* 98% of the most vulnerable companies’ non-executive directors and executives are not confident their organisations track all devices and users on the system at all times
* 87% of Board members and executives at the most vulnerable companies don’t consider their malware, antivirus software and patches to be completely up-to-date at all times
* The least vulnerable companies are 31% more likely than the most vulnerable to have assessed the potential losses associated with cyber attacks
The research was directed by Dr Chris Brauer at the Institute of Management Studies, Goldsmiths, University of London and led by Dr Jennifer Barth and Dr Yael Gerson. Research assistance was provided by Alison Wilson, Ana Beatriz Alencar and Zainab Hammoud.