Industry Research : Board of Directors Think They are 'Above It' When it Comes to IT Security
A survey of 300 IT Security professionals has revealed that board of directors are most likely to ignore or flout security policies and procedures, with 42% cited as frequently ignoring them. That’s according to a survey released today by Cryptzone, Europe’s IT Threat Mitigation providers, who found that rather than setting an example, over half of respondents were convinced that senior management believe that "the rules don't apply to them" when it comes to respecting IT security policies and procedures.
2018 Top Ranking Performers Present:
Alarmingly, 52% of those surveyed agreed with the statement that the Board of Directors have access to the most sensitive information yet have the least understanding of security. A worrying statistic when data loss has become a daily news headline and the regulators is hitting hard on organisations with lax attitudes towards data security.
Senior Vice President of the NETconsent business unit at Cryptzone, Dominic Saunders, said, "There’s a saying ‘do as I say, not as I do’ and this study would appear to demonstrate that it resonates in the executive corridor of far too many organisations today. However, there’s also a phrase ‘united we stand, divided we fall’ and that’s what each person who doesn’t tow the security line is potentially exposing their company to. Education is so important so that every single person not only knows what they should be doing, but also why they’re doing it. On top of that organisations need to get savvy and introduce solutions that don’t allow anyone, regardless of how far up the corporate tree they sit, to flout policies and procedures."
The survey was conducted amongst 300 IT professionals visiting last month’s Infosecurity Europe, so surprisingly , when asked who in the organisation is least likely to follow policy and procedures, 20% answered senior managers, 17% CEO’s and an additional 20% pointed the finger right back at themselves citing the IT team!
"This is a tough problem. Seeing wanton disregard at a senior level for the policies and procedures put in place to protect an organisation is infuriating, and a real challenge for the CISO who must balance the needs of a business with the requirement to protect assets." said Nigel Stanley, Practice Leader for Security at Bloor Research.
CONTACT CENTER & CUSTOMER ENGAGEMENT
BERLIN - ORLANDO - MACAO
FIND OUT MORE!
He added, "I consider the starting point for all security measures to be a governance statement signed by the board, at least with this you have some comeback if senior managers and directors aren’t playing ball."
Turning attentions to security training, 65% of companies offer the same level and amount of IT security training to everyone in the organisation. Dominic concludes, "The reality of this practice is money is being wasted training people who might not need it, while not providing enough to the most at risk groups. Instead training should be tailored to reflect the level and depth of information people are privilege to, balanced against the risks they’re exposed to."
2018 Top Ranking Performers Present:
Today's Tip of the Day - First Contact
More Editorial From Cryptzone
Published: Wednesday, May 23, 2012
Genesys® powers 25 billion of the world’s best customer experiences each year. Our success comes from connecting employee and customer conversations on any channel, every day. Over 10,000 companies in...
Noble Systems Corporation is a global provider of contact center, workforce engagement, and analytics technologies, offering premise, cloud, and hybrid platforms. Noble Systems has been providing inno...
Dialogic is a provider of technologies based on open standards such as host media processing and other multimedia products that enable its customers and partners to deliver mobile, video, IP, and TDM ...
NICE (NASDAQ: NICE), is a worldwide provider of intent-based solutions that capture and analyze interactions and transactions, realize intent, and extract and leverage insights to deliver impact in re...