Report says cyber security still takes a backseat for major companies

As cyber threats continue to be a nuisance to major companies, senior management has yet to give them the attention they deserve, a recent study finds.

While they are some of the most distinguished enterprises in the world, and considered big targets for cyber attacks, the report indicates that top-level management at the firms still neglects suitable governance over the “security of their digital assets.”

Respondents to Carnegie Mellon University's CyLab Governance of Enterprise Security survey, sponsored by RSA, included CEOs, presidents, corporate secretaries and board chairs from the Forbes Global 2000 list. The survey was previously conducted in 2008 and 2010.

Less than one-third of respondents have implemented basic responsibilities for cyber governance, the survey stated. When it comes to approving roles and responsibilities of privacy and IT security personnel, 66 percent of the companies studied “rarely” or “never” take action.

According to the report, the findings are consistent with the ongoing complaints made by CISOs and CSOs concerning inadequate funding, as 54 percent of respondents typically do not approve annual budgets for security.

Many organizations continue to lack full-time senior-level management dedicated to privacy and security risks. Fewer than two-thirds of the companies surveyed have brought on senior-level personnel to fill roles responsible for establishing common practices associated with security standards, the study found.

While the results of the survey primarily highlight the lack of commitment to cyber security, on a positive note, compared with the previous years in which the study was conducted, progress has been made in the employment of enterprise risk management (ERM) programs, and there has been an increase in teams that “manage privacy and security issues and risks.”
