Although CEOs believe they will be held accountable for security breaches in their organisations, many of them don’t give the issue much attention, and even fewer have a plan to deal with it.
These are among the findings of a VMware survey which shows that more than one-third (35%) of IT decision-makers (ITDMs) across South Africa believe C-level executives or the board should be held accountable for a significant data breach.
However, almost a fifth (16%) of ITDMs do not believe their board or C-suite provides the right amount of attention to cyber security issues.
Astoundingly, 52% of respondents stated that there either is no plan within their overall business strategy for addressing a security breach, or that only a small part of their organisation is aware of there being one.
Additional research sponsored by VMware and conducted by the Economist Intelligence Unit earlier this year, revealed that just 8% of EMEA corporate leaders consider cyber security a priority for their business.
As cyber-attacks intensify and become more damaging for organisations, including the loss of intellectual property, competitive positioning, and customer data, the potential impact of this disconnect to performance and brand is significant.
Businesses are coming under increasing threat from serious cyber-attacks, with almost a fifth (16%) expecting to be hit in the next few days. With the complexities of an increasingly digital business world, current security methods may not be keeping pace.
In fact, when given a series of potential vulnerabilities that may leave their organisation vulnerable to a cyber-attack and asked to rank them on a scale of one to five, lack of budget and employees who are careless or untrained in cyber security ranked as one of the highest forms of threat (both at almost three out of five), topped by outdated software and systems security solutions (at 3.4 out of 5).
South African ITDMs stated that funding will be reduced across security including mobile security (23%), threat monitoring (18%) and encryption (24%).
“The issue around accountability is symptomatic of the underlying challenges facing business as they seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats,” comments Matthew Kibby, regional director of VMware sub-Saharan Africa. “Today’s most successful organisations can move and respond at speed as well as safeguard their brand and customer trust.
“With applications and user data on more devices in more locations than ever before, these companies have moved beyond the traditional IT security approaches which are increasingly less able to protect the digital businesses of today.”
The new research also reveals the steps employees are willing to take to increase productivity. According to ITDMs, almost half (47%) of employees are allowed to use their mobile device to access corporate data, and 42% are aware that their employee’s mobile devices have been hacked.
“With the vast amount of data available on information security threats, there is no excuse for ignorance or inactivity,” says Arthur Goldstuck, MD of World Wide Worx. “Yet, that’s what we still see in a small but significant number of corporations. At the very least, any sizeable company should have a set of security measures, protocols and responses that is as much part of the company’s DNA as is its marketing strategy or legal compliance policy.”
Kibby adds: “Security is not just about technology. As the research shows, the decisions and behaviours of people will impact the integrity of a business. Smart organisations enable, do not restrict their employees allowing them to thrive, as well as adapt processes and transform operations to succeed.
“Forward-thinking organisations understand that reactive security is no longer a suitable method for protecting applications and data,” he says. “By taking a software-defined approach to IT that embeds security into the applications and network, these businesses have gained the flexibility required to both secure and succeed as a digital business.”