Leading companies tend to treat cyber risks in the same way they do other critical risks — primarily in terms of a risk/reward trade-off. However, the sophistication of the attacks that corporations face today outstrips basic defenses, and as the complexity of these attacks increases, so does the risk they pose to corporations. In addition, competitive pressures to deploy cost-effective business technologies may affect resource investment calculations for security. These competing business pressures mean that conscientious and comprehensive oversight of cybersecurity risk at the board level is essential. However, it can be difficult for technical executives to accurately convey the changing shape of cybersecurity risks to non-technical executives.
To understand how executives at leading companies view these risks, Tripwire sponsored a study of 200 business executives and 200 IT security professionals at U.S. companies with revenue over $5 billion per year. The study was conducted by Dimensional Research between February 15 and March 1, 2015.
The results of our study indicated that the levels of understanding of, and confidence in, cybersecurity literacy among boards and executives varied widely. Although all respondents considered themselves and their boards to be “cybersecurity literate,” C-level executives were frequently the least confident in the cybersecurity information presented to their boards.