The Attitudes of CEOs to Managing Cyber Risk and How They Can Improve: ISTARI Study
National CompuTrade News Online
ISTARI, a Temasek-founded global cybersecurity firm dedicated to helping clients build cyber resilience, and Saïd Business School at the University of Oxford today revealed the findings of their joint CEO Report on Cyber Resilience. The report applies a top-management lens to cybersecurity risks and underscores the critical role CEOs play in building cyber resilience.
The CEOs acknowledged that they are formally answerable to regulators, shareholders and their boards for cybersecurity. Yet the majority (72%) said they were uncomfortable making decisions about it, often leading them to delegate responsibility for, and understanding of, cybersecurity to their technology teams, which can jeopardise resilience.
All CEOs interviewed said they feel accountable for cybersecurity. However, a parallel ISTARI survey of Chief Information Security Officers (CISOs) found one in two European (50%) and almost a third of US (30%) CISOs did not believe that their CEOs feel accountable. This gap in perception, according to the research, lies partly in the meaning of accountability: instead of seeing themselves as accountable – being the face of the mistake – CEOs should assume co-responsibility for cyber resilience together with their CISO.
CEOs should stay away from blindly trusting their technology teams. Instead, they should move to a state of informed trust about their enterprise’s cyber resilience maturity.
CEOs should embrace what the authors call the ‘preparedness paradox’: an inverse relationship between the perception of preparedness and resilience – the better-prepared CEOs think their organisation is for a serious cyberattack, the less resilient their organisation likely is, in reality.
CEOs should adapt their communication styles to regulate pressure from external stakeholders who have different and sometimes conflicting demands. Depending on the stakeholder and the situation, CEOs should either be a transmitter, filter, absorber or amplifier of pressure.
The second part of the report synthesises such advice in a playbook for CEOs wanting to build cyber resilience in their enterprises, laying out specific steps CEOs can personally take to anticipate, withstand, respond and adapt to serious cyberattacks.
Link: https://www.ncnonline.net/the-attitudes-of-ceos-to-managing-cyber-risk-and-how-they-can-improve-istari-study/