Cyber Security: What All Businesses Can Learn From the C-Suite’s Top Risks
A new global survey of business executives showed that cyber security is becoming one of their most critical business concerns – as it should be.
Consulting firm Protiviti partnered with North Carolina State University’s ERM Initiative for the survey, the third annual Executive Perceptions on Top Risks for 2015.
While the number one risk for the third year in a row was ‘regulatory changes and scrutiny’, the survey provided several important takeaways about risk management.
Take cyber security seriously. Cyber threats moved up three rank positions compared to last year to take the number three spot, and they’re the top operational risk overall for large organizations. Of course, research already shows the upsurge of cyber risks. The Global State of Information Security Survey 2015 reported that the total number of security incidents detected by respondents climbed to 42.8 million in 2014, an increase of 48% over the previous year. That’s the equivalent of 117,339 incoming attacks per day.
Information security belongs in the boardroom. While the survey’s 275 respondents (all board members and C-suite executives) demonstrated a clear understanding of the effects of data breaches, many business leaders are still not on board. Shred-it’s 2014 Annual Security Tracker, for example, showed that only 42% of C-suite executives had a protocol in place for storing and disposing of confidential data; 31% had no protocol in place at all. Only 12% admitted to having both a locked container and a professional shredding service.
A strong security posture is essential. Organizations in the survey see technology as a double-edged sword. While social business, cloud computing and mobile technologies can support business goals, they also increase privacy and security risks, with core operations and brand reputation most at stake. Security experts recommend implementing data loss protection, network security, endpoint security, encryption, strong authentication and other IT technologies. At the same time, create a culture of security, and demonstrate a top-down commitment to the total security of business and customer information.
Put someone in charge of information security. Organizations need the right talent to achieve operational targets. With a tightening labor market, companies must do everything they can to hire and retain employees with the right skills. Appoint a Chief Information Security Officer. Implement ongoing training as well, so all employees are up to date on information protection policies and procedures.
Be prepared for cyber attacks. Number eight on the Top Risks list was that organizations may not be sufficiently prepared to manage an unexpected crisis. Do regular risk assessment/analysis audits, and put a comprehensive crisis response plan in place.
Employ information security best practices. Fifty-two percent of survey respondents expected privacy/identity management and information security system protection would cost more in 2015. But putting best practices in place is a critical strategy. Implement a document management policy, a shred-all policy to remove decision-making regarding what is or isn’t confidential, and a clean desk policy. Also, partner with an information destruction company that supplies locked consoles for confidential documents that are no longer needed.