As cyberthreats continue to be a nuisance to major companies, senior management has yet to give them the attention they deserve, a recent study finds.
Although the firms are some of the most distinguished enterprises in the world and are considered big targets for cyber attacks, the report indicates that their top-level management still neglects suitable governance over the “security of their digital assets.”
Respondents to Carnegie Mellon University's CyLab Governance of Enterprise Security survey, sponsored by RSA, included CEOs, presidents, corporate secretaries and board chairs from the Forbes Global 2000 list. The survey was previously conducted in 2008 and 2010.
Less than one-third of respondents have implemented basic responsibilities for cyber governance, the survey stated. When it comes to approving roles and responsibilities of privacy and IT security personnel, 66 percent of the companies studied “rarely” or “never” take action.
According to the report, the findings are consistent with the ongoing complaints made by CISOs and CSOs concerning inadequate funding, as 54 percent of respondents typically do not approve annual budgets for security.
Many organizations continue to lack full-time senior-level management dedicated to managing privacy and security risks. Less than two-thirds of the companies surveyed have brought on senior-level personnel to fill roles responsible for establishing common practices associated with security standards, the study found.
While the results of the survey primarily highlight the lack of commitment to cyber security, on a positive note, compared with the previous years in which the study was conducted, progress has been made regarding the employment of enterprise risk management (ERM) programs, and there has been an increase in teams that “manage privacy and security issues and risks.”