IT Security Guru

Uncertainty is widespread across companies over who takes the lead on cyber, says Willis Towers Watson

by The Gurus
September 7, 2018
in Editor's News

A majority of executives around the world feel they face a “specialist-generalist” dilemma over who leads on cyber resiliency: it is critical across the whole company, yet specialization is also recognized as necessary. This is according to the results of a global survey conducted by The Economist Intelligence Unit (EIU) and sponsored by Willis Towers Watson. The EIU surveyed over 450 companies across the globe about their strategies and the challenges they face in building a cyber resilient organization. Almost 40 percent of executives surveyed felt that the board should oversee cyber, compared with 24 percent who felt it should be the role of a specialized cyber committee. A small portion of respondents believed it should be the responsibility of audit, risk or some other subgroup.

The survey also found that communication about cybersecurity risks within leadership roles is inconsistent:

  • Only 8% of executives say that their CISO or equivalent performs above average in communicating the financial, workforce, reputational or personal consequences of cyber threats.
  • Fewer than a quarter of executives say that their cyber resilience board briefings are “well above average”.
  • Under 15% give their CISOs or equivalent a top rating on a scale of one to ten.

“It is no surprise that one of the main challenges companies face when implementing a cyber risk mitigation or resiliency plan is the communication gap between the board and the CISO,” says Anthony Dagostino, global head of cyber risk with Willis Towers Watson. “Cyber resiliency starts with the board because they understand risk and can help their organizations set the appropriate strategy to effectively mitigate that risk. However, while CISOs are security specialists, most of them still struggle with adequately translating security threats into operational and financial impact to their organizations - which is what boards want to understand. To close this communication gap, CISOs need tools that can help them quantify and translate the vulnerabilities uncovered from their cybersecurity maturity assessments. These tools enable them to better communicate the risk to the board, seek adequate budget, and enable the board to provide meaningful guidance.”

 

According to the survey, the specialist-generalist dilemma is not confined to the board level, as cyber requires specialist knowledge and skills along with enterprise-wide business, workforce and process capabilities. For example, as workforce vulnerabilities contribute to most cyber incidents, two-thirds of companies surveyed believe a partnership between HR and Information Security is key. When asked who takes a lead role in developing employee-related cyber risk policies, 54% said HR leads with Information Security advising and 28% said Information Security leads with HR advising. “These findings are encouraging because they signal that more organizations are involving their HR function in addressing cyber risk. Still, organizations need greater collaboration between their CHROs and their CISOs to truly assess the organizational culture driving cyber risk in the first instance. The solution isn’t always more security awareness training. It could be a leadership or incentives and rewards issue, things that fall squarely within the function of the CHRO,” Dagostino added.

 

Some other key findings around leadership responsibilities for cyber include:

 

  • 3 out of the 4 regions surveyed believe that the “board as a whole” should oversee cyber risk, while Europe believes it should be a dedicated cyber group.
  • Only 30 percent of executives believe they have enough directors who understand cyber risks, and only 23 percent are actively recruiting directors who understand those risks.

In all regions except the UK, the heads of cyber-resilience report to the CEO. In the UK, most report to the board.
