Deloitte’s CEO and Board Risk Management Survey shows organizations are unprepared for the future of cyberattacks at the highest levels.
The threat of cyber risk that impacts an organization’s reputation is at an all-time high. According to the Deloitte data, 96% of CEOs and board members believe it is inevitable that their organizations will face security threats and disruptions over the next two to three years. In fact, security risks, which include cyber breaches, were seen as a reputational threat to their organization in the next 12 months by the highest percentage of both CEOs and board members.
With such clarity on cybersecurity being a concern, surely the top leadership is focused on solving the problem.
But, according to the report, only 38 percent of CEOs and 23 percent of board members consider themselves “highly engaged” in the area of cyber risk. This is concerning, given the massive potential for a single attack to put an organization front and center in the headlines.
According to Chuck Saia, CEO of Deloitte’s Risk and Financial Advisory services, “Many admit that they’re not fully preparing for threats or prioritizing the investments needed to identify, respond to, and mitigate these risks.”
One of the key focuses in the Deloitte report is to create a cyber-aware organizational culture (surprisingly, something fewer than 40 percent of CEOs have a plan to invest in within the next 12 months). And yet, creating a security-focused culture within an organization helps to stop the most common of cyberattack vectors – phishing. Users who are vigilant against email-based phishing and social engineering scams through initiatives like Security Awareness Training are statistically less likely to become victims – therefore reducing the likelihood the organization becomes one as well.
With CEOs and board members not fully engaged, it’s up to IT and Security teams to lead the charge in preparing for cyber threats using effective measures designed to reduce risk.