Attention to cyber-security is becoming daily routine in the C-suite
Attention to cyber-security is becoming daily routine in the C-suite

While far-reaching and diverse, the underlying causes of security risks are amenable to collective action.

According to new global research from The Economist Intelligence Unit (EIU), business leaders agree that they should, and can, think beyond the traditional horizons of their security efforts. The survey results included responses from 150 board members and C-suite executives.

Seventy percent of respondents agree their company's board needs a better-informed understanding of the underlying causes of insecurity. There are increasing instances of companies working with peers to discover areas where formal alliances and sharing of security intelligence can create positive change, with many efforts focused on strengthening cyber-defences.

Kelly Bissell, managing director and head of global security practice at Accenture highlights the need for cooperation that has the same global span as the cyber-security threat. “Attackers aren't bound by borders or country,” he says adding that the key point in fostering better cooperation on cyber-security is this: How do you share the data that matters, wherever it comes from?”

Respondents provided various answers when asked to identify “the leading barriers to adopting a more active role in helping to address root causes of insecurity”. The most common reason cited by 30 percent was the lack of agreement on how best to address these issues.

Twenty-seven percent said such activities would be “contrary to the corporate culture” and 26 percent said the company “does not have the resources to deal with the underlying security issues in more than a marginal way. Meanwhile, 24 percent said the company does not have the skills nor the knowledge to do so.

Nearly half (45 percent) said the responsibility for monitoring “immediate risks to cyber-security” rests with those who are directly in charge of cyber-security (meaning cyber teams). Thirty-three percent picked either C-suite or both (meaning cyber teams and C-suite).

When asked about responsibility for “emergent risks to cyber-security”, responsibility resting solely with the cyber team fell to 30 percent and the portion of respondents who picked C-suite or both jumped to 46 percent.

Widespread social issues present business risk for companies around the world. Whatever the underlying causes of insecurity may be, they manifest themselves in many ways, physical and cyber-threats among them. Executives are confident in political authorities' ability to mitigate the causes of insecurity, but there remain opportunities for companies to address their exposure to the threats motivated by insecurities.

After internal security efforts reach a level of maturity, collective action on root causes of insecurity is likely to become more prevalent. Larger and more sophisticated organisations are embracing greater cooperation and coordination to address deeply rooted threats, particularly around cyber-security issues.

More immediate steps that can help to tackle the security threats driven by underlying causes of insecurity in the world today include support cooperative forums; foster cooperation; step up education; communicate with customers; and improve device security.

“Many root causes of insecurity seen around the globe, such as ideological differences and income inequality, are actively compromising business decisions and security efforts. Many efforts are already underway, through education and the development of public and private alliances. Particularly through cyber, we see many real-time opportunities for business communities to work together, and in the long run, global security standards and technological approaches are being developed that put real barriers between bad actors and a company's continued operation,” said Rebecca Lipman, editor at EIU.