Almost half of Boards lack real understanding of cyber threat
Forty-five per cent of cyber security professionals believe their board of directors has a major gap in its understanding of cyber risk, or simply doesn’t understand the risk at all.
This is despite over half (54%) of boards being ultimately accountable for the cyber strategy. This is according to the second annual Harvey Nash / PGI Cyber Security Survey, representing the views of almost 200 senior cyber security professionals.
The Survey also reveals that lack of cyber risk awareness affects the senior executive team: one third of cyber professionals (33%) believe their CEO has major knowledge gaps and almost half (49%) believe so for their CFO. CMOs, many of whom have increasing responsibility for customer data and driving customer-facing digital strategies, were also rated poorly in the Survey, with 43% of cyber professionals believing they had major knowledge gaps, and one in ten (11%) believing they had no cyber risk awareness at all.
Whilst most cyber professionals feel their organisations have the basics covered, 85% still think there is more to do, and one quarter (26%) believe there is significantly more work to do.
The top three factors holding back the cyber security strategy were: Budget (selected by 57%), Security aware culture (49%) and Understanding of the real threat (43%).
Brian Lord, Managing Director, PGI Cyber commented: “Cyber security is as much about people as it is about technology. Whilst there is no doubt many boards are asking more questions about cyber security than they did five years ago, it is clear that there is much more to do to make organisations fully aware and prepared for the challenges of an increasingly global and digital world.”
The Survey also reveals that four in ten (38%) cyber leaders believe they lack the internal skills to achieve their security strategy. The skillsets most in demand were senior or business-focused, rather than technical, with 50% citing a lack of security architects, 43% lacking training and awareness skills and 38% lacking project managers and leaders.
Stephanie Crates, Head of Information Security Practice – London, Harvey Nash, commented: “Whilst it’s true to say cyber professionals enjoy greater demand for their skills now than they have ever had before, it is also true to say the nature of that demand has changed. Increasingly companies are looking for people who are able to influence, persuade and educate as much as they can design, build and test. The image of a cyber professional as a ‘techie geek’ is, if it were ever true, a thing of the past.”
About the Survey
The Harvey Nash / PGI Cyber Security Survey represents the views of 176 senior information security professionals. Sixteen per cent of respondents were CISO, 27% were Head of InfoSec or Security Manager and 9% were CIO. The remaining 48% were spread between a range of roles including IT leaders with responsibility for security, security specialists and senior management. The Survey was conducted between 21st September 2015 and 7th December 2015.
About Harvey Nash
Harvey Nash plc is a $1b global recruitment consultancy and IT outsourcing service provider listed on the London Stock Exchange.
In 2013 we established a dedicated Information Security Practice to help organisations recruit experts in the increasingly vital area of security and risk. Since then, we have become one of the leading recruiters in this space, providing contract and permanent experts for technical, governance, risk and strategic security skill sets.
Our success lies in our knowledge and passion. Through our events and unique research (like our Cyber Security Survey) we have a deep understanding of the people and challenges of the industry we serve.
We work with companies, both big and small, as well as governments and not-for-profit organisations to recruit the very best security talent: from CISO to Operation Analysts.
PGI’s mission is to provide high quality, expert and proportionate services, including raising security awareness and providing related certified education.
Whether you are a small company or large organisation, PGI can help make your business as secure as it needs to be. Our team of world-class cyber experts are some of the best qualified in the country, allowing you to rest easy that you are in safe hands with us.
We were also the first company in Europe to open its own cyber academy, a building that gives us the opportunity to provide first class education and cyber security training. PGI operates on a global scale and we truly believe our motto, ‘making the world a safer place to do business’.
Whether you need intelligence, risk mitigation or physical security services, PGI is an organisation you can trust to keep your organisation as secure as you need it to be.