Recent data from Check Point Security’s Cyber Talk shows organizations are massively unprepared for attacks on network, mobile, and physical security.
While the roles of CSO and CISO vary from organization to organization, it’s clear that each adds value in ensuring the security of the company’s environment and its data. So, when Cyber Talk recently surveyed its readers, they found that well over half of organizations have no one in either the CSO or CISO role. What makes this more disturbing is the role the same respondents saw those titles owning:
- 70% of CSOs/CISOs are responsible for network security and mobile security.
- 66% are responsible for cloud security.
- 50% are responsible for physical security.
In organizations without a CSO or CISO, nearly half put the responsibility of security on the CEO – a person who already has a very full plate and, usually, no expertise in security.
This data echoes last year’s data from Hiscox’s Cyber Readiness Report, in which only 13% of organizations stated they saw themselves as “cyber experts”, ready for a cyber attack. The lack of leadership can have a material impact on an organization’s readiness.
Whether or not your organization has a “C” at the security helm, it’s critical to have some form of cybersecurity strategy in place – and you don’t have time to wait on your CEO to do it. You can start with the National Institute of Standards and Technology (NIST) Cybersecurity Framework as the basis for your plan – which should include Security Awareness Training to ensure users play a role in enhancing security.