Cybersecurity is no longer a phantom menace but a mainstream business issue. As the pandemic accelerates digital transformation everywhere, James Hennah, Director: Security for BT Asia, Middle East and Africa, says it’s the CISO who will be expected to step forward to provide essential leadership.
BT Security recently conducted its largest ever survey of business leaders, employees and consumers around the world to get their perspectives on cybersecurity. The research showed that cybersecurity – and user perceptions thereof – will determine the success of digital businesses everywhere.
While there’s a general belief that organisations are operating securely, cybersecurity breaches are still an everyday occurrence. 76% of business leaders rate their organisation as excellent or good at protecting against cybersecurity threats, yet 84% say their organisation has suffered from data theft or loss, or had a network security incident, in the last 2 years. Why? Because too little attention is paid to basic cybersecurity measures.
- 45% of people have had a security incident at work (such as losing a laptop) and not reported it.
- 50% think intellectual property and data are lost when colleagues leave.
- 15% of executives and employees have given their work log-in and password to others.
- Nearly 20% of business leaders have lost a smartphone they use for work (and more than a few of them didn’t tell anyone).
Consumer behaviour doesn’t help, either. People knowingly take risks online even though they understand the dangers. Although they worry about losing data or being hacked, one third still neglect basic hygiene such as updating software, clearing cookies and routinely resetting passwords. And how your customers behave day-to-day has huge implications for the viability of your digital products and services. The upside is that there is a real opportunity to make security a differentiator. Consumers value companies they perceive as more secure, and 64% say they would recommend a large organisation that they think makes a big effort to keep their data secure. But only 16% of consumers strongly agree they trust large organisations to protect their personal data.
Happily, there’s little resistance to greater security measures. Attitudes are maturing; people understand the scale of the problem. They recognise that more technology can help keep them safe, with two thirds of consumers now saying security is more important than convenience. There’s clearly a business case for investing in security measures and behaviours that enhance the employee and customer experience.
Human nature stays at the heart of cybersecurity issues
Human nature is part of the problem – and part of the solution. The fact remains that if you’re only focused on technology, then you’re missing the critical bit that is human behaviour. The easiest way to infiltrate any organisation is through someone who works there. And unfortunately:
- Employees don’t admit to mistakes. Nearly half of employees say they personally have had a security incident and not declared it.
- Only one in three are 100% aware of the policies and procedures they should follow to protect the security of their organisation’s data, and fewer than half say they have definitely received training on data security.
- There’s a lack of confidence in training for new employees, and a lack of confidence that steps are taken to protect data when people leave the company.
We need to super-charge the human firewall. This requires (a) providing education and coaching in how to behave safely online, (b) helping employees appreciate the impact a breach would have on the organisation and brand and (c) creating a culture in which it’s OK to speak up and admit mistakes.
CISOs have historically kept a low profile. Fewer than half of employees can name their company’s CISO. Yet without the CISO’s expertise and leadership, enterprises will struggle to achieve their digital transformation ambitions. Boardrooms now recognise that cybersecurity is a top priority, second only to the pandemic. They require CISOs to take a lead, to drive cybersecurity performance as a competitive advantage and help the enterprise take advantage of every digital opportunity.
As cybersecurity is the cornerstone of all business, CISOs must be influential in strategic decision making. And they must be given the time and mental space to do that. Consider appointing an experienced security partner who can take over day-to-day security operations, including those essential basics. Relieving CISOs of immediate responsibility for commonplace tasks and incidents will give them the time and energy they need to raise their profile and focus on strategic business outcomes. Cybersecurity is everyone’s responsibility. It’s easy to say. Much harder to do. And it’s time for CISOs to take centre stage.