An escalation in the frequency, severity and impact of cybersecurity attacks damaging corporate operations, finances and reputations is forcing boards of directors to take more active roles in their company's defensive posture. However, the level of participation in their companies' risk mitigation strategy remains lacking, according to new research from PwC.
Forty-five percent of 10,000 CEOs, CFOs, CIOs and other executives PwC polled said that their boards participated in corporate cybersecurity strategy, up from 42 percent when PwC conducted a similar survey for 2014, according to David Burg, PwC's global cybersecurity practice leader. But given the glut of cybersecurity attacks Burg says the numbers are lower than they should be. "It is surprising that this number isn't north of 75 percent,” says Burg, who published the data in a new report. “In a world of connected business ecosystems, you’re only as strong as your weakest link.”
Cyber attacks capture corporate attention
Emphasis on protecting corporate assets has risen dramatically in the wake of high-profile breaches at Target, Home Depot and other organizations. A major, targeted attack on Sony Pictures proved terrifying for many companies -- and heightened board-level interest -- as the attackers released embarrassing emails. Moreover, the frequency of attacks is accelerating: PwC survey respondents reported a 38 percent uptick in cyber-assaults from 2014. The result has business leaders and their boards rethinking their cybersecurity practices, including funneling $77 billion on corresponding tools and processes this year. That number will more than double to $170 billion by 2020, according to Gartner research.
Emerging digital technologies, including IP address-enabled devices under the Internet of Things banner, will widen the attack surface, forcing corporate boards to step up their participation in threat mitigation, Burg says. Some boards are influencing technology selection, process implementation and budgets. For example, board participation in technology spending grew 7 percent, to 37 percent from 2014 to 2015, which he views as partially responsible for the 24 percent boost in security tools. Reviews of privacy and security risks also grew 7 percent, to 32 percent from 25 percent a year ago.
Stepping up the cyber defense
Meanwhile, with or without the board’s involvement, companies are taking several measures to better protect themselves beyond such obvious options as strong encryption.
Cloud services as a trusted security measure. Companies are investing heavily in cloud tools for data protection, privacy, network security, identity and access management, real-time monitoring and analytics, and advanced authentication. Sixty-nine percent of those surveyed say they were using a cloud-based security service, and 56 percent cited real-time monitoring and analytics as their preferred line of defense.
Sign up for Computerworld eNewsletters.