Corporate Boards, Executives Not Focused on IT Security
| Topic : Security and Compliance
With large portions of enterprise data now managed across email, social media, cloud and other channels, protecting confidential information has become a difficult task for some organizations. However, despite IT departments' growing concern for privacy and security-related issues, most corporate leaders are still not making either responsibility a top priority.
According to a recent survey by Carnegie Mellon CyLab, corporate boards and senior management are not giving privacy and cybersecurity enough attention, making some businesses more vulnerable to cyberattacks and other threats.
"Privacy and security are competitiveness issues, and companies that set the tone of a 'trusted workplace' with their employees also convey the message of a 'trusted business' to the marketplace," said Jody Westby, CEO of global risk at Carnegie Mellon CyLab. "Effective governance enhances profitability through the mitigation of liabilities and losses associated with compliance costs, operational downtime, cybercrime, and theft of intellectual property."
While the results revealed many organizations' top officials are becoming more involved in the development of policies and budgets related to privacy, data protection and cybersecurity, the majority of board members and senior management are not embracing oversight activities.
The CyLab study found that only 23 percent of corporate boards at Forbes Global 2000 companies regularly review and approve policies related to privacy and IT security risks. Further proving a disconnect between IT department concerns and upper management's actions, more than half of boards rarely or never inspect budgets for privacy and IT security programs.
With many board members and executives failing to make privacy and data security organizational priorities, confidential company information could be at risk. Enterprise adoption of mobile devices and an increase in cyberattacks targeting smartphone and tablet users have made some companies more vulnerable to data loss than ever before, experts say. Meanwhile, email security and social media policies are also among the top data protection tasks for IT security personnel.