Lack of C-suite collaboration hampering cybersecurity, report finds

As cyber-attacks grow in frequency, chief information security officers and C-suite executives must work more closely together.


Today’s businesses depend on constant, intimate digital relationships with suppliers, partners, and customers to remain top of mind and competitive. Intelligent technologies and big data often play a critical role across business operations—from C-suite decision-making to generating customized offers for online shoppers. Countless terabytes of data are stored in the cloud and more work is performed online, and an unfortunate byproduct has been dramatically increased corporate vulnerability to online attacks and more – and more expensive – security breaches. These realities are outlined in Accenture’s “2018 Securing the Future Enterprise Today” report, which also highlights the fact that some organizations are responding to this reality better than others, creating large gaps in cybersecurity resilience.  

Many companies are simply ill-equipped to handle the needs of modern cybersecurity, Accenture’s survey shows. Only 40 percent of the more than 1,400 C-suite executives polled said they always conferred with their business unit leaders to understand the business before suggesting a security approach, indicating an unsettling shortage of ongoing communication. Only 40 percent placed a high priority on creating or expanding an insider threat program, suggesting that too many top corporate executives aren’t as concerned as they should be about one of the most common security threats. Counterbalancing this worrisome finding is the fact that about half of respondents stated that all new staff in their organizations receive cybersecurity training when they join the company and ongoing awareness training during their employment.

Seventy-three percent of those surveyed said that cybersecurity activities and staff must be distributed throughout the organization, although at 74 percent of companies, cybersecurity is mostly centralized. Moreover, C-level executives seem unlikely to spread these centralized responsibilities to business units; among non-CISO executives, only 25 percent claimed that their business unit leaders currently shared responsibility. A similar number believe business unit leaders ought to be responsible in the future.

The evolving enterprise  

The enterprises of the future – and the winning ones today – are leaner, faster and more agile. Business processes are streamlined, digitized and automated. However, as businesses adopt new and increasingly sophisticated digital technologies, companies must be sure they’re used in a secure manner – and the survey results indicate that executives are indeed concerned about security risks when they’re not. Of these potential risks, 77 percent of respondents claimed that the Internet of Things (IoT) will increase cybersecurity risks either moderately or significantly. Cloud services were close on the IoT’s heels, with 74 percent of executives polled claiming that cloud services will boost cybersecurity risks at least moderately. Over 70 percent think sharing data with third parties will increase security risks at least moderately.

A need to secure the future

To manage risks, companies must incorporate meaningful cyberprotection strategies into everything they do today and in the future. This will certainly involve distributing cyberexpertise and responsibility throughout the business. It means asking the CISO to bring the online security perspective to meetings whenever business strategy is being formulated. Today, 62 percent of CISOs are left in the dark until after the company has decided to launch a new business, if they are consulted at all. A paltry 38 percent of organizations bring their CISO into all discussions, the study finds.

Meanwhile, CISOs are having a hard time keeping up with the speed of digital transformation and the risks that accompany it. Half of CISOs say their responsibilities are growing faster than their ability to deal with them.

Slow to act

Although C-suite executives believe that some new technologies are potentially risky, action to protect against vulnerabilities is too often in short supply. Omar Abbosh, Accenture’s chief strategy officer, believes there is “still much work to be done.”

Only 44 percent of respondents say their cloud technology is safeguarded by their cybersecurity strategy, showing a major gap between awareness and action. Similarly, only 39 percent say their data exchanges with third parties are adequately protected. Figuring out the right way to go when adopting new technologies is always hard, which may explain why companies aren’t taking a more proactive approach. The well-known consequences of the worst breaches, however, show that failing to act early can be costly.

Winning the race

Compared to even a few years ago, corporate security experts have made commendable progress in the war against cybercrime. More people are aware of the numerous online threats out there, and more people are doing something about them. Yet, winning the upcoming battles with cybercriminals will require new strategies and new tools. Leaders can assure the success of their connected, intelligent, autonomous business by ensuring that online security is a core competency throughout the enterprise.

Both traditional and emerging technologies are critical for the modern business world, and most C-suite executives are cognizant of the risks. But translating concerns into solid plans that can be acted on isn’t happening enough. Further, the IoT, cloud operations, and other technologies present clear and present risks for enterprises of all shapes and sizes. If companies want to win the digital race against their competitors and become digital business champions, it’s critical for them to foster better communication and collaboration between CISOs and C-suite executives.

This article is published as part of the IDG Contributor Network.
