C-Level Never gets Security Updates: Report
Monday, April 25, 2016 @ 05:04 PM gHale
Just when you thought executives “got it” when it comes to security, everything seems to take a step back.
And that remains baffling because as anyone knows, to run any company knowledge is king, but yet there is a good chunk of C-level executives that never get updated on security incidents, a new report said. That could mean there are some companies operating in the dark.
Thirty-four percent of C-level executives never get updated, while 36 percent said they’re only updated on a need-to-know basis, 23 percent said they’re only updated annually, and 7 percent said they’re updated weekly or monthly, according to the results of a Ponemon Institute survey of 597 U.S. IT and IT security professionals.
The survey, conducted on behalf of Cyphort, also found 36 percent of respondents believe IT has the information required to make the C-suite aware of the potential risks posed by cyber threats, and whether or not the organization has a strong security posture.
On top of that, 47 percent of respondents said C-level executives remain concerned about cyber attacks against the companies.
Still, 63 percent of respondents said their companies had been the victims of one or more advanced attacks in the past year.
Thirty-nine percent of respondents rate their ability to detect a cyber attack as highly effective, 30 percent rate their ability to prevent cyber attacks as highly effective, and 17 percent rate their ability to prioritize alerts as highly effective.
“[D]espite such catastrophic data breaches as Target and Sony, cyber threats are not getting appropriate attention from senior leadership they deserve,” said Ponemon Institute chairman and founder Larry Ponemon. “Companies are still struggling to have an effective strategy to prevent and detect malware and advanced threats.”
The key barriers to remediation of advanced threat attacks, the survey found, are lack of visibility of threat activity across the enterprise (76 percent), inability to prioritize threats (63 percent), and lack of in-house expertise (55 percent).
Click here to register to download the report.