You probably expect executive leadership to not just support cybersecurity efforts, but to be involved. New data shows organizations have a way to go until this is a reality.
Even if an organization is completely supportive of the cybersecurity strategy, it can’t exist in a technical bubble only. It requires a lot of input – from planning to implementation – to ensure that required business objectives are met as security controls become part of operations and resiliency plans.
But according to backup vendor CommVault’s latest report, The Cyber-Resilient Organization: Maximum Preparedness with Bulletproof Recovery, that’s just not the case. The report points out some very key (and somewhat conflicting) data.
First, let’s put some context around where organizations are on cyber attacks: 61% of organizations think they will suffer data loss from a cyber attack in the next 12 months is moderately to very likely.
OK, so they know it’s bad, right? But how aligned are the various levels of leadership with their organization’s cyber-preparedness? According to the report:
- 67% of CEOs and Managing Directors are involved “occasionally” or less
- 79% of Line-of-Business Leaders are involved on “occasionally” or less
And if an attack actually happened? 57% of organizations are still in need of incident response skills, making the prognosis of a bleak-looking aftermath.
While executive-level involvement doesn’t necessarily equate to a poor preventative and responsive cybersecurity strategy, it does mean planning and execution are done without business oversight. Doing this can potentially put your organization’s operations at risk post-incident.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.