CEO Report Card: Low Grades for Risk Management

Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.

Marilyn Cohodas, Managing Editor, Dark Reading

July 18, 2014

2 Min Read
(Source: Dark Reading)

Former Target chief executive Greg Steinhafel would be in good company today if the Dark Reading community had a say in his job performance on cyber security risk management.

Steinhafel, as I'm sure you recall, famously resigned from the retailers' top job this past May, following a data breach of 40 million hacked credit and debit card accounts compromising the names, phone numbers, email and mailing addresses from as many as 70 million customers.

In the Dark Reading community, according to the results of our latest poll, members likewise show a stunning lack of confidence in their chief executives' ability to marshal the talent, financial resources, skills and training to defend their companies from a similar attack. Only 16% of roughly 750 respondents gave CEOs an "A" for making cyber risk management a top priority. On the bottom end of the grade scale, 19% blasted execs for an "epic fail" that left company data an open target for hackers and criminals.

If there is any good news in the community report card, it's that for more than a quarter of respondents, their executive leadership is moving in the right direction, albeit with one significant qualification: "We lack critical tools."

More damning is the indictment from the 40% who say companies are either "barely meeting minimum compliance standards" or "flying blind" with security teams who lack the latest technology and training.

In Target's case, what happened to Steinhafel -- a 35-year company veteran -- should serve as a cautionary tale to other corner office execs that in today's complex and rapidly evolving threat landscape, security needs to be viewed as an investment not a cost.

Or, as PaloJoel observed in a comment on Why Security & Profitability Go Hand-In-Hand, "The real question business leaders should be asking security practioners is [how can I] make my security a competitve advantage versus how do I get you to stop draining my pockets. Bottomline: if I am robbed less, protect myself better, do it more easily, and spend less doing it than the other guy I am going to grow faster and be more profitable."

What advice would you give to your CEO about how to beef up the company's risk management GPA and turn infosec into a business benefit? Let ‘s chat about that in the comments.

About the Author(s)

Marilyn Cohodas

Managing Editor, Dark Reading

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting enterprise Windows platforms and technologies.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights