Why CEOs Are in the Dark About Cyber-Security
Despite the growing threat of cyber-crime, support for cyber-security programs at the executive level is lacking, according to a recent survey.
One-third of CEOs are still not regularly briefed on cyber-security issues and related business risks.
43% of management teams do not regularly receive security status reports.
59% of respondents say threat detection metrics are the most effective for measuring security effectiveness, however, 79% still provide compliance and audit findings to their CEOs and other executives.
Executive visibility into security program effectiveness depends on the industry in which they work: 72% of respondents in financial services and 70% in health care say they regularly provide executives with reports and metrics.
Only 50% of respondents in manufacturing, hospitality, transportation and non-profit industries regularly provide reports and metrics to their executive teams.
75% of respondents cite budgeting issues as the primary barrier to improving cyber-security.
There is a growing cyber-security skills gap. 50% of respondents say lack of expertise is a primary barrier to cyber-security.
Endpoint security and privileged account security are the top two organizational security priorities for 2016, according to respondents.