If security is only a strong as the weakest link in the chain, the part of the chain linking the office of the chief executive officer to the chief information security officer appears to have a gap in it.
This is according to new research from CORE Security. In a survey of 100 CEOs and 100 CISOs, the company found that 36 percent of the CEOs said the CISO never reports to them on the state of IT infrastructure security. Some 27 percent said they receive updates on a somewhat regular basis.
“CEOs are looking at the issue of security in business terms while the Chief Security Officer is looking at it in technical terms,” Mark Hatton, CEO at CORE Security, told SecurityWeek. “Security protection is often viewed as an expense, not something that can save your business from being hijacked, extremely embarrassed or devalued – or even something that can get them fired. At the same time, CISOs are often ill-equipped to explain this to their CEOs in part because they frequently don’t know themselves how to process the data that they have.”
Additionally, more than 60 percent of CISOs said they were very concerned about their IT systems experiencing a breach, only 15 percent of CEOs were very concerned about their network being attacked. Sixty-five percent of CEOs confessed to not having the sufficient data needed to interpret how security threats translate to overall business risk.
“These results should be a wakeup call for every organization to demand better alignment between the executives charged with protecting their most vital assets,” said Patricia Foye, senior vice president of marketing at CORE Security, in a statement. “The idea that there are such disparate views on the crucial threats facing the company between two members of an executive team is discouraging to say the least. CEOs need to bring their security teams into the mainstream of day-to-day operations. Security and continual risk assessment should be woven into the fabric of operational reviews and should be an agenda item at the Board of Director level.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
