Cyber Insecurity Grows for CEOs, IT Departments, and Devices

Everyone knows cybersecurity is one of the biggest problems of our time. The question is what to do about it.

According to a new report, the problem starts at the top of most organizations—but it certainly doesn’t end there. Fifty-three percent of IT security professionals surveyed say CEOs make business decisions without regard to security. The 304-person survey was conducted by Dimensional Research and sponsored by CyberArk (NASDAQ: CYBR), a security company based in the Tel Aviv and Boston areas.

The report also says that one-third of CEOs are not regularly briefed on security issues and business risks, and that 43 percent of management teams don’t regularly receive security status reports.

Some other notable opinions of security staff:

—61 percent say CEOs do not know enough about cybersecurity
—44 percent say CEOs do not grasp the severity of today’s risks
—75 percent say budgeting issues are the primary barrier to improving security

Meanwhile, the amount of communication between security staff and management teams seems to depend on the industry. More respondents in financial services (72 percent) and healthcare (70 percent) said they give executive teams regular reports and metrics, as compared with those in manufacturing, hospitality, transportation, and nonprofits (all 50 percent or less).

Indeed, a PricewaterhouseCoopers report released today says cybersecurity is one of the top issues to watch in the healthcare industry, heading into 2016. The report cites as hacking risks things like mobile apps, insulin pumps, and any type of medical software or device that connects to the Internet. A survey earlier this year from MedData Group found that doctors are already quite concerned about cyber attacks in clinical settings.

Gregory T. Huang is Xconomy's Deputy Editor, National IT Editor, and Editor of Xconomy Boston. E-mail him at gthuang [at] xconomy.com. Follow @gthuang

Trending on Xconomy