Cybersecurity is similar to auto insurance. You pay your premium every month, with no expectation that you will actually use it. It’s peace of mind, but not something you really think about. Until recently, the same could be said for cybersecurity. In the early 2000s, following 9/11, organizations had a keen interest in all things related to security. However, interest waned a bit as things “went back to normal.” A few years later, Sarbanes-Oxley compliance became a priority for many organizations, once again piquing interest in cybersecurity.
Fast forward to 2015. In light of high-profile cyber attacks and data breaches, executive interest in cybersecurity remains high. CSO’s 2015 U.S. State of Cybercrime Survey found that only one in four Chief Information Security Officers (CISOs) or Chief Security Officers (CSOs) make security presentations to their board annually. Thirty percent of respondents indicated that their security executives make quarterly security presentations. Encouraging numbers for sure; however, 28 percent of respondents said their security leaders never make presentations to the board.
So why the lack of executive and board-level focus on cybersecurity? As we discussed in the HOSTING webinar covering the 2015 Alert Logic Cloud Security Report, many organizations that migrate their sensitive data to the cloud mistakenly assume that their security concerns are completely handled by the cloud service provider (CSP). However, as HOSTING CISO Johan Hybinette explains, cybersecurity is a shared responsibility between the customer and their CSP.
“Bottom line, it’s the data owner (typically the customer) that is ultimately responsible for securing it,” says Johan. “Cloud providers such as HOSTING offer protection throughout our infrastructure, as well as managed services to ensure customers’ data is secure and compliant. However, it’s up to the customer to make sure their information assets are properly safeguarded and compliant.”
Some C-suites have also relegated cybersecurity to their IT teams, viewing it as “an issue for IT to fix” instead of a long-term, strategic business objective. As Doug Dooley, venture capitalist at Venrock, notes, “Every board member needs to have a point of view on handling cyber risks and threats to its business.”
With the surge of data breaches we’ve seen over the past two years, concerns about cybersecurity won’t go away anytime soon. Keep the conversation going with your executive and board leadership. Download the 2015 Alert Logic Cloud Security Report for expert insights on the types of cyberattacks that impact specific industries, as well as 10 Best Practices for Cloud Security.