Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, today announced the results of a study conducted by Dimensional Research on the cybersecurity literacy challenges faced by organisations. The study, carried out in May 2015, evaluated cybersecurity risk decision-making and communication between IT security professionals, executive teams and boards. Study respondents included 200 IT security professionals at U.S. companies with annual revenues of more than $5 billion, and 151 IT professionals from U.K. organisations with annual revenues over £500 million.
Key findings include:
- IT professionals in the U.K. (71 percent) were more likely to consider their corporate board to be cybersecurity literate than their U.S. counterparts (57 percent).
- 71 percent of the U.K. respondents said their company’s corporate board had a member responsible for cybersecurity, only half (50 percent) of U.S. IT professionals said this was true for their organization.
- Nearly a third (32 percent) of U.S. respondents believed the information presented to the board did not accurately represent the urgency and intensity of the cyberthreats targeting their organization. Only 13 percent of U.K. IT professionals answered similarly.
“Cybersecurity is definitely a boardroom issue, and I’m encouraged that more organisations are engaging on this topic,” said Dwayne Melancon, chief technology officer for Tripwire. “However, engaging and doing so effectively are two different things.”
When asked which major security event had the biggest impact on their board’s cybersecurity awareness, 34 percent of U.K. respondents said an internal security breach at their organization. However, 74 percent of U.S. respondents said high-profile external breaches, such as Sony Pictures, Target and the Snowden leaks, had the most impact.
Melancon continued, “From my experience, I believe some of the respondents may be overly optimistic about the cybersecurity literacy of their boards, which could be a challenge. Fortunately, a good number of organisations recognise that their current approach to depicting cybersecurity status falls short of their goal of creating an appropriate sense of urgency within their executive ranks.”
For more information about the survey please visit: http://www.tripwire.com/company/research/us-uk-cybersecurity-literacy-comparison-survey
