According to a recent study, IT professionals based in the UK are more likely to consider their corporate board to be cybersecurity literate than their US counterparts.
The survey, conducted by Dimensional Research earlier this year, evaluated cybersecurity risk decision-making and communication between IT security professionals, executive teams and boards.
The majority of UK-based IT professionals (71 percent) said they believed their corporate board was cybersecurity literate. Meanwhile, only 57 percent of US IT professionals said the same.
Furthermore, most UK respondents (71 percent) stated that their company’s board had a member responsible for cybersecurity – only half of US IT professionals (50 percent) said this was also true for their organizations.
“Cybersecurity is definitely a boardroom issue, and I’m encouraged that more organizations are engaging on this topic,” said Dwayne Melancon, chief technology officer for Tripwire.
However, Melancon added that a board engaging on the topic and a board engaging effectively are two different things.
The study also found that nearly a third of US respondents (32 percent) believed the security information presented to the board did not accurately represent the urgency and intensity of the cyberthreats currently targeting their organization. Only 13 percent of UK IT professionals answered similarly.
Yet, about three-fourths of US respondents (74 percent) said high-profile external breaches, such as the incidents at Sony Pictures, Target and the Snowden leaks, had the biggest impact on their board’s cybersecurity awareness.
For more than half of UK respondents (54 percent), a security breach at their own organization and Heartbleed, the high-impact vulnerability that came to light in April 2014, appeared to have a significant impact on their corporate board’s security awareness.
“From my experience, I believe some of the respondents may be overly optimistic about the cybersecurity literacy of their boards, which could be a challenge,” Melancon continued.
“Fortunately, a good number of organizations recognize that their current approach to depicting cybersecurity status falls short of their goal of creating an appropriate sense of urgency within their executive ranks,” he said.
Study respondents included 200 IT security professionals at US companies with annual revenues of more than $5 billion, and 151 IT professionals from UK organizations with annual revenues of more than £500 million.
To learn more on improving the cybersecurity literacy of boards and executives, visit: http://www.tripwire.com/cyberliteracy/