Acmetek - Blog

August 29, 2022

Company executives are not giving cybersecurity concerns in digital ecosystems enough priority, shows TCS study

As the chief information security officers (CISOs) and chief risk officers (CROs) of large companies realize, the question of cyberattacks is no longer “if” but “where” and “how.” Most large enterprises today are already dedicating sizable headcount and operating budgets to identifying risks, defending the company against threats, and mitigating the effects of the attacks that are already occurring.

The TCS study of enterprise risk and cybersecurity professionals reports some good news. For one thing, funding for cybersecurity and risk mitigation initiatives is active and high (Figure 1). For another, considering all other factors, 60% of cyber risk and security executives feel some confidence that their company will be able to avoid a major cyber event that results in significant financial loss or reputational damage. They know they’ll be attacked, but they are either cautiously confident or (for 14%) even very confident they will weather the onslaught (Figure 2).

How involved are the board of directors and the C-suite in defending the company against assaults and intrusions by bad actors?

The study reports that two out of five boards include cyber risk and security on their agendas at every meeting, but almost one in five boards are mostly disengaged from the topic. Companies with publicly traded shares are more likely to have boards that focus on risk and cybersecurity at every meeting, given the growing legislation and reporting obligations around privacy and security, especially for exchange-listed enterprises. Similar, if a little less proactive, engagement from other C-suite executives was described by CISOs and CROs as below:

Figure 2: CISOs’ and CROs’ confidence in their company's ability to avoid a major cyber incident in the next 3 years resulting in significant financial or reputational loss.

Too many companies, though, still believe they cannot sufficiently defend themselves against risks that already exist, much less those that are on the horizon like AI-assisted attacks. Though boards are becoming more and more concerned about cyber risk and security, C-suites and lines of business continue to only focus on the issue when it is brought to their attention. And it's noted that 18% of C-suites only focus on it after the organization has already been attacked. 

What are the top priorities for cyber defense and business resiliency?

According to cyber risk and security strategists, the most common tasks given to them by their boards of directors are to 1) increase the company's cybersecurity maturity and adopt emerging models like "zero trust", 2) increase the visibility of cyber risks and ensure compliance with regulatory and industry requirements, and 3) ensure that cyber risks are holistically managed and mitigated across their companies and partners.

So getting started with cyber initiatives involves adopting emerging models and maintaining compliance. This is possible by getting started on the strongest organizational protection available:
