Understanding cyber risk and the C-suite

Date: 2023-05-30

The threat landscape for businesses has evolved significantly in recent years, with cyberattacks becoming more sophisticated and frequent. As a result, cybersecurity has become a top priority for organisations of all sizes, and the C-suite, including CEOs, CFOs, CIOs, and CISOs, plays a critical role in managing and mitigating cyber risk.

By John Mc Loughlin, CEO of J2 Software

The State of Email Security, a report published by Mimecast, a leading email security provider, sheds light on the challenges faced by the C-suite in safeguarding their organisations against email-based cyber threats.

Email remains the primary communication tool for businesses, but it also poses significant security risks. From phishing attacks and ransomware to business email compromise (BEC) and insider threats, email-based attacks can have devastating consequences for organisations, including financial loss, reputational damage, and legal liabilities.

The Mimecast report, based on a global survey of 1,800 IT decision-makers, highlights key insights into the current state of email security and the role of the C-suite in managing cyber risk.

Cyber Risk Awareness in the C-Suite

The Mimecast report reveals that the C-suite has a high level of awareness about cyber risks associated with email. Over 90% of the surveyed IT decision-makers believe that their C-suite executives are concerned about the potential impact of email-based attacks on their organisations.

However, there is a significant gap between awareness and action, with only 53% of respondents stating that their C-suite leaders are highly engaged in cybersecurity matters.

This suggests that while the C-suite acknowledges the severity of cyber risks, there is room for improvement in terms of their active involvement in cybersecurity strategies and decision-making.

Cybersecurity is not just an IT issue; it is a business risk that requires leadership engagement and a proactive approach to safeguarding the organisation’s critical assets, including its reputation and financial well-being.

The Need for Cyber Risk Education and Training

The Mimecast report also highlights the importance of cybersecurity education and training for the C-suite. While 84% of the surveyed IT decision-makers believe that their C-suite executives understand the cyber risks associated with email, only 39% believe that their C-suite leaders have a good understanding of email security best practices.

This underscores the need for continuous education and training on cyber risks and best practices, especially for C-suite executives who may not have a technical background.

Organisations should prioritise cybersecurity awareness programs that cater to the C-suite and provide them with the necessary knowledge and skills to make informed decisions about cybersecurity strategies, investments, and risk mitigation measures.

Cybersecurity training should be an ongoing process that keeps the C-suite updated on the latest threats, trends, and best practices, and encourages them to actively participate in cybersecurity initiatives.

Cyber Risk Governance and Accountability

The Mimecast report highlights the importance of cyber risk governance and accountability in the C-suite. According to the survey, 60% of the respondents believe that their C-suite executives are held accountable for cybersecurity incidents in their organisations. However, only 29% of the respondents believe that their C-suite leaders have clear metrics and KPIs to assess the effectiveness of their cybersecurity programs.

This indicates the need for organisations to establish robust cyber risk governance frameworks that clearly define roles, responsibilities, and accountability for cybersecurity at the C-suite level.

C-suite executives should be empowered with the necessary authority and resources to manage cyber risks effectively, and should be held accountable for the outcomes. This includes setting clear metrics and KPIs to measure the effectiveness of cybersecurity programs and driving continuous improvement.

Collaboration Between IT and the C-Suite

The Mimecast report highlights the importance of collaboration between IT and the C-suite in managing cyber risks. According to the survey, only 34% of respondents believe that their IT and security teams have complete visibility into the cyber risks faced by their organisations. This indicates a gap in communication and collaboration between IT teams and the C-suite.

Cybersecurity is not just the responsibility of IT and security teams; it requires a collaborative effort across the entire organisation, including the C-suite. The report emphasises the need for open communication channels and regular interactions between IT teams and the C-suite to ensure that cybersecurity risks are properly understood, assessed, and addressed at the highest level of the organisation.

The C-suite should actively seek input from IT and security teams, and IT teams should provide relevant information in a clear and concise manner that resonates with the C-suite’s strategic priorities.

Investment in Advanced Email Security Technologies

The Mimecast report also highlights the importance of investing in advanced email security technologies to mitigate cyber risks. According to the survey, 70% of respondents believe that their organisations are moderately to extremely vulnerable to email-based attacks.

However, only 51% of respondents have deployed advanced email security technologies, such as DMARC (Domain-based Message Authentication, Reporting, and Conformance), SPF (Sender Policy Framework), and DKIM (DomainKeys Identified Mail), to protect against email spoofing and impersonation attacks.

This indicates that there is a significant gap in the adoption of advanced email security technologies, which are crucial in preventing email-based attacks. The C-suite should prioritise investments in robust email security solutions that leverage advanced technologies to detect and block sophisticated threats, such as phishing, ransomware, and BEC attacks.

This includes regular assessments of the organisation’s email security posture, staying updated with the latest threat intelligence, and implementing necessary measures to protect against emerging threats.

Conclusion

The State of Email Security report by Mimecast provides valuable insights into the challenges faced by the C-suite in managing cyber risks. While the C-suite acknowledges the severity of cyber threats, there is a need for increased engagement, education, and collaboration to effectively safeguard organisations against email-based attacks.

Cybersecurity is a business risk that requires active involvement from the C-suite, including CEOs, CFOs, CIOs, and CISOs, to ensure that the organisation’s critical assets are protected.

Organisations should prioritise cybersecurity education and training for the C-suite, establish robust cyber risk governance frameworks, and promote collaboration between IT teams and the C-suite. Investments in advanced email security technologies should also be a priority to effectively mitigate email-based cyber risks.

By taking a proactive and collaborative approach to cybersecurity, the C-suite can play a crucial role in safeguarding their organisations against cyber threats and ensuring business continuity in today’s rapidly evolving threat landscape.