In today’s digital era, enterprises and consumers do not exist in silos. The rising network connectivity and interdependence of infrastructure networks is one of the world’s top risk drivers. The key findings of the 2018 Global State of Information Security Survey (GSISS), conducted by PwC, CIO and CSO, reveal what enterprises and governments worldwide need to do to become cyber resilient in the face of rampant threats.
Enterprises across the globe are starting to bridge the IT and business gap, but there is still a long way to go when it comes to the boards’ involvement in security measures. Just under half of all GSISS respondents agree that risk alone drives security spending. About 30 percent disagree, and the remainder are not sure about the board's role in defining security strategy for the organization.
The 2018 GSISS findings reveal that it is more common for a company’s chief security officer to report directly to the CEO or the board than to the CIO. It is the CSO’s responsibility to make sure the board understands the business risks associated with a cyber-attack and to communicate why the organization needs to have a robust security strategy.
There is general consensus among security experts that anyone can be hacked. Only half of the survey respondents said their organizations conduct background checks on employees. In an age where securing the perimeter is not enough and insider threats are plaguing the enterprise, it is alarming to note that 44 percent of the surveyed respondents do not have an overall information security strategy.
The key findings of GSISS 2018 also take into account other surveys which highlight the global state of security. According to the UN’s 2017 Global Cybersecurity Index, governments worldwide are not prepared to tackle the cyber risk of the digital age. Less than 40 percent of member countries have a published cybersecurity strategy. Although over 60 percent have an emergency response team, only 21 percent declare metrics on cybersecurity incidents.
While it is no secret that IoT will be the future of technology, it also brings along unprecedented cyber risks that enterprises are unprepared to deal with. There is a lack of clarity about the ownership of responsibility for IoT security. According to the survey respondents, organizations do not have a defined role in charge of securing the connected enterprise.
Want to keep your enterprise safe? It’s certainly not one man’s job. Although close to 60 percent of survey respondents formally collaborate with peers to reduce cyber risks, only half of them say their efforts have been fruitful. It is high time that organizations and countries realize that cyber war is the new reality of the connected era, which needs sharing of information and insights to keep data privacy intact.