C-suite Underestimates Impact of Cyber Attacks: A Podcast With the EIU
According to a 2016 study from the Economist Intelligence Unit (EIU), sponsored by VMware, senior technology leaders overwhelmingly rank cyber security as the top institutional priority, while C-suite executives rate it as only the seventh most important issue—out of eight—facing their organizations. Conducted over the first two months of 2016, the study surveyed 1,100 senior executives, recruited from companies between $500 million and $5 billion in revenues, on data security practices within their firms. The survey consisted of C-suite executives (CEOs, CFOs, and COOs), and security executives (CIOs, Chief Data Officers, and Chief Information Security Officers).
There is no question that cyber attacks are increasing in frequency and sophistication. The best defense that an organization stands against such attacks is a unified institutional response. However, without consensus among all key decision makers, this unified response is next to impossible. This is why the disconnect between the C-suite and security executives over the importance of security is so concerning. This critical disconnect between the two leadership teams results in inadequate budgets, personnel, and support from executive leadership to meet the challenges posed by cyber attacks. These inadequacies, then, lead to security vulnerabilities that affect the entire organization by creating friction on efficiency, collaboration, and innovation. This chain reaction is best remedied with an alignment of C-suite and security leadership teams on the issue of cyber security.
Listen to the podcast to hear West Coghlan, senior editor for technology at the Economist Intelligence Unit, argue that forward-looking businesses should not view cyber security as an IT issue but rather as an enterprise-wide challenge to be prioritized by the C-suite, supported by the Board, and integrated throughout the company as part of a culture of security. Coghlan recommends specific security training and a feedback loop to assess which employees are not in compliance and to identify precisely where the vulnerabilities are occurring.
Stay tuned on Radius for part two of this three-part podcast series on cyber security, coming in August.