With the average cost of a data breach now $6.5 million, and the number and severity of cyber attacks increasing, you’d think senior executives would be quick to tackle the threat of cyber crime. Unfortunately, the issue of cybersecurity remains the elephant in most boardrooms.
According to PwC’s Global State of Information Security Survey 2015, 58% of boards were found to be uninvolved in their company’s overall cybersecurity strategy, and 75% played no part in reviewing security and privacy risks.
The report concludes that many boards “find it difficult to understand how security technology works and identify the related tactical risks”. As a consequence, security budgets remain static and many organizations struggle to achieve adequate levels of information security.
Earlier this year we reported that the data breach affecting 1.25 million people at the Japan Pension Service was swept under the carpet and not discussed at its regular board meeting, just two weeks after the incident.
Alan Calder, the founder and executive chairman of IT Governance, discussed the PwC survey in a recent press release: “Cybersecurity is a business-critical issue, and can only be delivered effectively if pressure comes from the top down. Boards need to pay greater attention to the threats that their organizations face and be much more involved in reducing their susceptibility to attack. This means taking appropriate action to mitigate their vulnerability – and budgeting accordingly.”
Persuading the board to invest in information security measures requires certain sales skills. Selling Information Security to the Board – A Primer will help you understand how to persuade company directors to commit money and resources to your information security initiatives.