CEOs often in the dark about security issues

A third of CEOs, and almost a half (43 per cent) of management teams are not regularly briefed on cyber-security issues, a new industry research by CyberArk shows. While 79 per cent of IT security professionals are reporting on compliance metrics to demonstrate security programme effectiveness, 59 per cent state that threat detection metrics are most important.

The survey of global IT security professionals, “The Gap Between Executive Awareness and Enterprise Security,” also shows that 60 per cent of respondents believe their organisation can be breached. As cyber-attacks grow in aggression and impact, CEOs and boards are being held accountable for the security posture of their organisation.

While IT security professionals are relying on executive-level leadership on security issues, CEOs are increasingly relying on their IT security teams to provide them with the security information that matters. The survey shows that the cyber security awareness gap may be driven in part by the need for security teams to properly educate CEOs on what’s business critical when it comes to security.

Improving IT security fundamentals is a critical step in improving an organisation’s overall security posture.

To help support the need for greater executive guidance and dialogue around critical cyber security decisions, CyberArk recently launched a new industry initiative, the CISO View. The CISO View provides a forum for the CISO community to share best practices and tangible guidance for building effective cyber security programmes. A new report, “The Balancing Act: The CISO View on Improving Privileged Access Controls,” features advice from a panel of CISOs from global 1000 enterprises about how to lead a comprehensive privileged account security programme including recommendations for getting executive buy-in, delivering metrics that matter, and measuring effectiveness of the controls. The report is available for free.