The following is based on a study produced by PwC.
In today’s data-driven world, security is a must. Securing a company’s financial, administrative, and intellectual information means keeping a positive reputation intact and as a result- success. Although the risks of information theft are increasing world-wide, the subject has yet to infiltrate top executives’ list of priorities. According to a report recently published by PwC, the main issue is that managers and C-suite executives tend to employ a reactive approach: only employing serious security measures after a serious breach.
According to the report, 41% of US executives (who participated in the study) experienced some form of security breach or hacker theft in the past year. The majority of the businesses experienced financial loss (37.5%), intellectual and property theft was the second most common type of loss (31.8%). Moreover, information lost resulted in 31.2% of brand reputations to be comprised, 12.2% to be legally exposed or sued, 11.3% experienced a significant loss of shareholder value, and even 7.1% extortion cases.
No Grasp on Reality
One of the greatest problems, which ultimately results in such an extensive amount and rapid increase of information security breaches is executives’ false perception of the situation. Company officials may convince themselves and the people around the business that there are systems in place in order to prevent such threats. Though, when asked more specifically about the strategic measures which are undertaken at the moment, or their knowledge of certain alternatives most executives admit they have little to no idea about current procedures.
As a result, the problem isn’t only false information- but an unrealistic confidence that only puts information at a greater risk. Executives self-proclaim their businesses as secured and strategically prepared to fight the data battle- where in reality no long-term efforts are in place. According to the study 43% of executives identified themselves as leaders in the field, but when it came down to real knowledge an overwhelmingly low 13% of companies were actually ready to face hackers. Where these organisations demonstrate various practices, have a high level security leader, regularly review policies, as well as possess a deep understanding of current and future security risks.
Taking the above into consideration, the first step to an all-around secure data strategy is for the people within the business to get educated about the topic. Even reading this article is a step forward.
Obstacles to Data Security (As Described By Senior Executives)
According to CEOs, CFOs, and CIOs these are the principal obstacles in the journey to a secure business: Insufficient funding, shortage of in-house technical talent, lack of effective information security strategy, lack of actionable knowledge and understanding, overly complex or poorly set up IT infrastructure, and chief of security (absence of or non-effective).
As this information suggests, most of the problem stems from poor management and forward thinking.
How to Strengthen the Business?
With so many threats to take into account, it is easy to lose track or figure out where to start. Though, experts say that the most focal point is to encourage the learning process about information security throughout the business by elevating its importance and position in the overall mission and strategy.
That said, it shouldn’t be regarded as a strictly technological function. Moreover, as a burning issue to going forward and developing the business- it requires a leader or team which will be in direct contact with top decision makers. Not for the purpose of assistance in decision making, rather than enlighten C-suite executives about how security affects and will affect the business so they can carry it forward in the best way to sustainable growth. Leading security professionals can make the connection between security and company goals, and stand by them as KPIs for the business.
Furthermore, numerous executives mentioned that an organisation which puts funds into leading information security practices is incredibly attractive in the eyes of clients when compared to competition. This is true, especially as a result of breach cases that reached commercial awareness since 2013.
At the top of the chain, companies find it useful to insert security professionals into other business units. The PwC report gives a great example as to the way a security leader can be integrated with other departments.
“A company might engage the security leader and the sales leader, together, to consider how better information security can help close or speed sales. They might determine that having well-documented information security controls, processes, or certifications in place enables them to anticipate and address customer concerns immediately when or before the issue first is raised.”
As our lives become more dependent on mobile devices, as the sophistication of cyber-attacks evolve, and as governments enforce legislation: executives must become educated in the field. The research shows that 100% of companies which demonstrated they are security leaders regularly measure and review their security strategies. While 50% fewer information security incidents took place at companies which employ security leaders compared to the rest.
The information security battle is at the front of today’s business issues. Companies with a long lasting strategic plan will have a significant advantage over the rest of the market.
To learn more about the original study go to: http://www.pwc.com/us/en/view/issue-15/cybersecurity-business-priority.html