How to get an organization's top management on friendly terms with cybersecurity

The digitalisation of business is driving business leaders to declare that “cybersecurity is a board issue” and to put related topics on the agenda. It might seem that the Chief Information Security Officer (CISO) can breathe a sigh of relief and simply follow the directives of the CEO and the board, but it is not that simple. Below we discuss the systemic problems of integrating security into business processes.

A survey of 365 cybersecurity specialists at medium and large companies in the USA, Canada and Western Europe, conducted by the research firm Enterprise Strategy Group (ESG) and commissioned by Trend Micro, reached rather disappointing conclusions: cybersecurity still remains on the sidelines, and in most cases organizations believe that “good enough” or “basic” protection is sufficient.

About the survey

To collect data for the report, a comprehensive online survey of senior business, cybersecurity and IT professionals from the private and public sectors in North America (USA and Canada) and Western Europe (UK, France and Germany) was conducted between September 28 and October 24, 2020. To participate, respondents had to be personally responsible for the operation of the organization and the implementation of its business strategy, or at least be familiar with it. All respondents were offered an incentive to complete the questionnaire in the form of cash prizes and/or their equivalents.

Who took part in the survey. Source: ESG

Attitude towards cybersecurity. Source: ESG

How the respondents assess various aspects of cybersecurity in their organizations. Source: ESG
Among the frameworks and standards used for cyber risk management, the survey lists the NIST Risk Management Framework (NIST 800-53) and the NIST Cybersecurity Framework.

Frameworks and standards used for cyber risk management. Source: ESG

Answers to the question about the dynamics of cyber risks. Source: ESG

How the level of interaction between IT and information security is assessed. Source: ESG

Business Information Security Officer (BISO)

[Section text not recovered; the surviving fragment cites a figure of 18% in connection with the Business Information Security Officer (BISO) role.]