Cyber-Security Meets the Board
By Samuel Greengard | Posted 2015-11-16
Ongoing cyber-security breaches are finally lighting a fire under the seats of corporate directors and board members. But there's still a lot of work to be done.
The onslaught of cyber-security breaches and breakdowns has left most businesses and their IT departments reeling. Navigating this netherworld and keeping enterprise assets and data safe is a daunting task—and it becomes more difficult by the day.
Fortunately, the issue is finally lighting a fire under the seats of corporate directors and board members. The 2015 BDO Board Survey, which polled 150 top enterprise leaders, offers some interesting insights into the thoughts and actions at the highest level of organizations. The results are a mix of good and bad.
The good news: Cyber-security is finally appearing on the radar of corporate leaders.
The bad news: Most organizations continue to face a significant cyber-security blind spot at the board level.
Other insights from the study include the following:
70 percent of respondents have increased company investments in cyber-security during the past year, with an average budget expansion of 22 percent.
69 percent reported that their board is more involved with cyber-security than it was just 12 months ago.
87 percent of directors indicated that they are briefed on cyber-security at least once a year. Among this group, 33 percent are briefed at least quarterly.
28 percent of board members said their company has purchased cyber-insurance.
Yet, less than half of companies have a cyber-breach response plan in place, and just one-third of corporate directors reported that they have documented and developed solutions to protect their business's critical digital assets.
"Cyber-security is moving up on the boardroom agenda," reported Shahryar Shaghaghi, national leader of Technology Services for BDO Consulting. "Nevertheless … there is much work to be done.
"It is especially troubling that less than half of the directors believe their company has a cyber-incident response plan in place, and only one-third have cyber-risk requirements for third-party vendors—a major source of cyber-attacks."
Of course, knowledge—along with a recognition of just how challenging today's cyber-security environment is and how risky it is for organizations—is critical. While the results of this survey show that organizations are taking a step in the right direction, it's undoubtedly advisable to pick up the pace from a slow shuffle to a brisk sprint.