The 2016 Cyber Security Survey compiled by PGI and Harvey Nash shows that the majority of Chief Executive Officers (CEOs) at organisations lack understanding when it comes to cyber security matters.
According to the survey, senior technology leaders such as Chief Information Officers (54%) and Chief Technology Officers (48%) were rated highest by senior information security professionals as being ‘very well informed of risk’. This compares to only 27% of CEOs and 25% of Chief Operating Officers (COOs). Faith in the Chief Marketing Officer’s (CMO) knowledge of information security risk is even lower, with only 20% of the senior information security leaders surveyed rating the CMO as very well informed. And despite the Board apparently accepting responsibility for information security risk, its members are rated lowest of all for their risk awareness, at 17%.
This lack of cyber security awareness at the top of organisations is worrying, as it is often those at the top who make the decisions needed to counter cyber threats. A lack of understanding means that company IT departments may not be adequately resourced to deal with a cyber incident. It also means that an organisation is unlikely to have the cyber-aware culture it needs to reduce the threat. According to the survey, a cyber security culture is lacking for almost half (49%) of organisations, and it appears that more lip service is being employed than actual experts who can deliver the cultural change needed.
If the people at the top are cyber aware, then the likelihood is that people operating in the rest of a business will be too.
PGI’s Cyber Security Awareness Course teaches leaders and managers of organisations to grasp the business-critical issues of cyber security. By understanding what needs to be done to reduce risks, an organisation’s leadership can take appropriate and effective action.